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What’s  Google’s 
network  plan? 

Recent  moves  spark  varied  speculation. 


BY  JOANNE  CUMMINGS 

Although  most  of  the  gab  about 
Google  focuses  on  a  possible 
desktop  slugfest  with  Microsoft, 
the  real  action  may  be  on  the 
WAN,  where  Google  might  be 
gearing  up  for  a  donnybrook 
with  the  incumbent  service 
providers. 

For  more  than  a  year,  rumors 
have  been  circulating  about 
Google’s  WAN  intentions.  Accor¬ 
ding  to  Business  2. 0,  Google  has 
been  shopping  for  “miles  and 
miles”  of  dark  fiber  from  whole¬ 
salers,  such  as  New  York’s 
AboveNet,  and  it  has  also 
acquired  fast  fiber  links  from 
carriers  such  as  Cogent  Com¬ 
munications  and  WilTel  be¬ 
tween  several  East  Coast  cities, 
including  Atlanta,  Miami  and 
New  York. 

Google  is  even  shopping  for  net¬ 
work  expertise,  as  witnessed  by 
an  ad  on  its  site  for  a  strategic 
negotiator  who  can  handle  “iden¬ 
tification,  selection  and  negotia¬ 
tion  of  dark  fiber  contracts  both 
in  metropolitan  areas  and  over 


long  distances  as  part  of  develop¬ 
ment  of  a  global  backbone  net¬ 
work;  contracts  and  negotiation 
for  managed  metropolitan  ser¬ 
vices  and  long-haul  wavelength 
services  to  fulfill  capacity  and 
redundancy  requirements  in 
North  America,  Latin  America, 

MGoogle  is  the 
900-pound  gorilla. 
What  everybody 
else  thinks  almost 
doesn’t  matter. W 

Thomas  Nolle,  president, 

CIMI  Corp. 

Asia,  and  Europe.” 

The  company  also  is  making 
moves  into  the  wireless  arena, 
bidding  for  Wi-Fi  contracts  in 
major  cities  such  as  San 
Francisco. 

Connecting  the  dots,  some 

See  Google,  page  17 


Licensing  woes 
still  dog  Microsoft 


BY  JOHN  FONTANA 

Five  years  after  Microsoft  sparked  a  firestorm  with 
new  volume  licensing  and  upgrade  programs,  cus¬ 
tomers  are  still  struggling  with  the  system  many  say 
is  delivering  less  than  promised. 

The  programs  have  not  adequately  addressed  the 
complexities  of  licensing,  stemmed  cost  increases 
or  provided  a  simplified  upgrade  path,  customers 
say  Microsoft  continues  to  tweak  the  program  last 
week  when  it  rolled  out  another  handful  of  fea¬ 
tures  for  its  Software  Assurance  (SA)  maintenance 
and  upgrade  program. 

The  company  has  made  things  even  more  com¬ 


plicated  by  introducing  a  dizzying  array  of  licens¬ 
ing  combinations  and  options  for  Office  2007  and 
Windows  Vista  products.  The  offerings,  which  are 
available  only  to  volume  licensing  customers,  don’t 
come  with  published  price  quotes,  |  q06S  Novell 
and  in  some  cases  include  products  s^||  matter? 
and  feature  sets  available  only  to  SA  page  g 
customers. 

“Overall,  licensing  for  everything  in  the  Microsoft 
world  is  not  getting  any  easier,” says  George  Defen- 
baugh,  manager  of  global  IT  infrastructure  projects 
for  petroleum  company  Amerada  Hess  in  New  York. 

See  Licensing,  page  16 


Savvy  IT  fexecs  such  as  Chief 
Information  Security  Offictr  James 
Routh  are  taking  the  early  detection 
approach  to  application  security  — 
scanning  for  security  fla^ys  during 
the  development  process. 


It’s  raining 
IT  security 
surveys 

BY  CARA  GARRETSON 
AND  ELLEN  MESSMER 

If  it  feels  like  you’re  getting  bom¬ 
barded  with  surveys  about  net¬ 
work  security  threats,  that’s  be¬ 
cause  you  are.  Leading  security 
vendors,  looking  to  scare  up  inter¬ 
est  in  their  products,  pumped  out 
more  than  twice  as  many  of  these 
surveys  last  year  as  in  2004,  and 
this  year  are  on  an  even  more 
aggressive  pace. 

Such  surveys  have  shown  that 
25%  of  corporate  e-mail  users 
send  personal  messages,  that 
there  were  2.9  million  phishing 
attacks  in  February  and  that  65% 
of  ISPs  consider  distributed 
denial-of-service  (DoS)  attacks  a 
main  concern. The  factoids  go  on 
See  Survey,  page  14 


CHARLES  ESHELMAN 


A  Service  Managing  7  Million  Transactions  a  Day. 
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How  does  Xerox  Global  Services  manage  millions  of  office  devices  for  its  customers? 
Their  largest  application  runs  on  new  SQL  Server™  2005  64-bit  running  on  Windows 
Server™  2003,  which  provides  99.999%  uptime*  See  how  at  microsoft.com/bigdata 
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Trend  Micro™  and  Cisco  Systems58 —  working  together. 

To  defend  against  today's  aggressive  threats,  networking  and  security 
must  be  tightly  intertwined.  That's  why  Cisco  Systems  collaborates  with 
Trend  Micro  to  deliver  24  x  7  real-time  threat  intelligence  and  outbreak 
prevention  services  in  solutions  like  Network  Admission  Control, 

Incident  Control  System,  Adaptive  Security  Appliances,  and  more. 

Trend  Micro.  Integrated  intelligence.  Increased  security. 


www.trendmicro.com/cisco 
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8  Does  Novell  still  have  mind  share? 


10  VON  urges  support  for  open  access. 

10  IEEE,  vendors  press  forward  on  speedier  wireless  LANs. 
12  Manufacturing  show  to  focus  on  wireless. 

12  Blue  Coat  couples  security,  acceleration  on  appliance. 

17  Red  Hat  lays  out  plans  for  virtualization. 

18  Microsoft  focusing  on  small  business. 


Net  Infrastructure  Networker 


21  Deploying  IP  telephony  is  hot 
issue. 

21  R3A  adds  SAML  2.0  support  to 
server. 

22  Kevin  Tolly:  Measuring  the  new 
broadband. 

22  ScanSafe  debuts  instant¬ 
messaging  security  service. 

Enterprise  Computing 

25  Vendors'  servers  aren't 
one-size-fits-all. 

25  CopperEye  to  help  customers 
downsize  databases. 

Application  Services 

27  GA,  Dell  bolster  management 
software. 

27  Azaleos  adds  e-mail  backup. 

28  Scott  Bradner:  Protecting  the 
guilty  yet  again. 

30  SPECIAL  FOCUS:  XML  data¬ 
bases  gaining  acceptance. 

Service  Providers 

32  Johna  Till  Johnson:  Conduct¬ 
ing  telecom  talks. 

32  GEN  I  looks  to  conjure  up  next- 
generation  network. 

34  Redback  touts  low-end 
edge  router. 


38  Mobil  workers  tap  unified 
messaging. 

Technology  Update 

41  Federated  database  manages 
change. 

41  Steve  Blass:  Ask  Dr.  Internet. 

42  Mark  Gibbs:  Useful  U3  applica¬ 
tions. 

42  Keith  Shaw:  Cool  tools,  gizmos 
and  other  neat  stuff. 

Opinions 

44  On  Technology:  Searching  for 
system  errors. 

45  Michael  Kamens:  SOX  educa¬ 
tion:  How  to  enter  the  field. 

45  Winn  Schwartau:  Would  you 
hire  Dubai  to  run  your  network? 

92  BackSpin:  "American  IT  Idol." 

92  Net  Buzz:  Your  company  logo 
on  a  postage  stamp? 

Management 

Strategies 

83  Juggling  act:  Healthcare 
system  upgrades  infrastructure 
to  keep  up  with  new  strategic 
applications. 


No  doubt,  security  challenges  loom  large  for  IT 
executives  building  next-generation  IT  architec¬ 
tures.  In  this  issue,  the  second  in  our  six-part  New 
Data  Genter  series  for  2006,  we  delve  into 
automating  security,  protecting  data  throughout  its 
life  cycle  and  setting  the  identity  foundation.  Our 
special  coverage  begins  after  Pag«  53. 


Code  Warriors 

Savvy  IT  execs,  such  as 
James  Routh,  chief 
information  security 
officer  at  the  Deposi¬ 
tory  Trust  and  Clearing 
Corp.,  are  deploying  new 
tools  to  help  catch 
security  Daws  during  the  application  development 
process.  Page  46. 
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COOL  TOOLS 

The  Project-a-Phone  calls 
for  a  lot  of  trial  and  error 
to  make  an  image  display 
correctly.  Page  42 


Microsoft’s  Windows  2003 
Storage  Server  R2  makes  the 
grade  as  a  useful  drop-and-add 
NAS  device.  Page  53. 
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Storage  notes  from  all  over 

Our  beta  storage  aggregator  col¬ 
lects  posts  from  enterprise  storage 
blogs  across  the  'Net.  Check  it  out, 
let  us  know  what  you  think,  and  tell 
us  about  blogs  were  missing. 

DocFinder:  2637 

ITVideo:  A  health  identity  challenge 

Sentillion  CEO  Rob  Seliger  talks  about 
the  critical  need  for  identity  and 
access  management  in  healthcare, 
where  mission-critical  means  life  or 

death.  DocFinder:  2639 


Online  help  and  advice 

Keeping  the  Net  connection  on 
dial-up 

Help  desk  guru  Ron  Nutter  helps  a 
user  keep  caller  ID  from  messing  up 
his  downloads. 

DocFinder:  2640 

VoIP 

Columnist  James  Gaskin  discusses  a 
new  line  of  VoIP  offerings  from 
Linksys.  Worth  a  look? 

DocFinder:  2641 

IT  service  catalogs  and  you 

Analyst  Andreas  M.  Antonopoulos 
looks  at  how  catalogs  could  bridge 

Seminars  and  events 

WLANs  &  Enterprise  Mobility— Are  you  everywhere  you  want  to  be? 

Whether  you're  exploiting  the  full  power  of  3G  broadband,  anticipating  the 
emerging  WiMAX  standards  or  capitalizing  on  the  coming  of  Vo-Fi  via  cellu¬ 
lar  —  if  you  want  to  make  the  most  of  today's  broadband-everywhere 
world,  attend  the  new  Technology  Tour  event  coming  to  Anaheim,  Austin, 
Miami  and  Washington  in  April.  It's  called  Wireless  LANs  &  Enterprise 
Mobility:  Know  No  Limits,  and  it's  free  if  you  qualify  in  advance.  Full  details 
at  DocFinder:  2645 

BREAKING  NEWS 

Go  online  for  breaking  news  every  day.  DocFinder:  1001 

Free  e-mai:  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  1002 

What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and  resources 
online.  Simply  enter  the  four-digit  DocFinder  number  in 
the  search  box  on  the  home  page,  and  you’ll  jump  directly 
to  the  requested  information. 


the  gap  between  business-unit 
expectations  and  SLAs. 

DocFinder:  2643 

Single  sign-on 

Columnist  Dave  Kearns  takes  a  look 
at  an  identity-management  system 
at  Michigan  Tech  University. 

DocFinder:  2642 

New:  SMB  Ask  the  Experts 

Our  New  SMB  Ask  the  Experts 
forum  lets  you  get  help  on  your 
SMB  problems  —  and  share  tips 
with  other  users. 

DocFinder:  2644 


ITVideo:  Logitech  Wireless 
Headphones  for  PC 

With  a  little  help  from  colleagues, 
Editor  Keith  Shaw  tests  the  range  of 
Logitech's  Wireless  (Bluetooth) 
Headphones  for  PC.  How  far  will  they 
reach  in  an  office  environment?  Find 
out.  DocFinder:  2638 

All-Star  call  for  entries 

Get  recognition  for  your  cool  network 
project.  Enter  our  2006  Enterprise 
All-Star  Award  competition.  Go  online 
for  more  information  and  a  nomina¬ 
tion  form.  DocFinder:  2436 
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Anti-phishing  measures  aired 

■  ISPs  and  e-commerce  sites  have  more  tools  to  combat  phishing  scams,  includ¬ 
ing  whitelists  of  legitimate  Web  sites  and  using  false  identification  information  to 
scam  the  scammers,  according  to  a  report  released  last  week.The  report,  from  a 
coalition  of  consumer  groups,  technology  vendors,  financial  services  organiza- 


TheGoodTheBadTheUgly 

Internet:  A  partial  cure  for  cancer?  A  study 

from  Temple  University  found  that  patients  newly  diagnosed  with  can¬ 
cer  who  use  the  Internet  to  research  their  disease  have  a  better  out¬ 
look  and  are  more  active  participants  in  their  treatment.  “They  didn't 
want  to  feel  powerless  or  have  to  rely  on  the  doctor  to  make  all  of  the 
decisions,"  says  principal  researcher  Sarah  Bass. 


tions  and  law  enforcement  agencies,  also  calls  on  Internet  companies  to 
step  up  their  consumer  education  efforts.  Among  the  more  novel  tech¬ 
niques  recommended  by  the  group  is  for  Internet  companies  and  law 
enforcement  agencies  to  enter  false  information,  such  as  bogus  credit 
card  numbers,  into  phishing  Web  sites,  allowing  police  to  find  phishing 
scammers  by  tracking  the  use  of  those  false  numbers.The  57-page 
report,  published  by  the  National  Consumers  League,  came  from  dis¬ 
cussions  in  September  during  a  three-day  retreat  on  fighting  phishing 
organized  by  the  consumer  group. 


Bank-tO-bank  hacking.  Criminals  appear  to  have 
hacked  a  Chinese  bank's  server  and  are  using  it  to  host  phishing  sites 
to  steal  personal  data  from  customers  of  eBay  and  a  m^jor  U.S. 
bank,  according  to  Internet  services  company  Netcraft.  It 
could  be  the  first  scheme  that  uses  one  bank's  infrastructure 
to  exploit  another  bank,  a  Netcraft  spokesman  says. 

<  Dirty  little  secret.  A  survey  by  a  security 

firm  of  900-plus  remote  and  mobile  users  found  that  fewer 
than  half  of  the  females  and  only  about  a  third  of  the 
males  shower  or  wash  on  days  that  they  work  at 
home.  This  would  seem  particularly  bad  for  the  12% 
of  males  and  7%  of  females  who  say  they  work  in  the 
nude. 


Army  awards  $19.25  billion  IT  deal 

■  The  Army  has  picked  seven  government  contrac¬ 
tors  to  provide  computer  technology  services  for  a 
deal  worth  as  much  as  $19.25  billion  over  the  next 
10  years.  The  contractors  are  Booz  Allen  Hamilton, 
CAC1  International,  Computer  Sciences  Corp.,  Lock¬ 
heed  Martin,  Sensor  Technologies,  USfalcon  and 
Viatech.The  Army  says  the  contract  has  a  ceiling  of 
$19.25  billion  but  made  no  guarantee  that  all  of  that 
would  be  spent.  The  agreement  lets  these  vendors 
compete  for  an  array  of  services  such  as  systems 
engineering,  R&D,  software  development,  supply- 
chain  management,  information  security  and 
administrative  support.  In  a  statement  on  its  Web  site 
CACI  said  the  contract  is  the  largest  in  its  44-year  his¬ 
tory  and  “positions  the  company  to  increase  its  size 
and  strength  as  a  top-tier  information  technology 
provider  to  the  Department  of  Defense.” 

Sun  exec  leaving  for  Adobe 

■  Sun  is  losing  its  top  software  executive  to  Adobe, 
the  company  confirmed  last  week.  John  Loiacono, 
who  succeeded  Jonathan  Schwartz  as  executive 

COMPENDIUM  mmmmm 

Soft  and  cuddly  robot 

Japanese  researchers  have  developed  a 
padded  robot  intended  to  care  for  invalids 
and  other  people  who  have  trouble  getting 
around.  The  same  group  of  researchers  last 
year  unleashed  a  snake-like  underwater 
robot  powered  by  an  artificial  muscle.  Find 
r.ore  at  www.nwdocfinder.com/2635. 
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“It’s  important  to  imagine  the 
unimaginable.  Who’d  have 
thought  we’d  evacuate  two 
major  U.S.  cities  within  a  month 
last  year?” 

Dr.  Dale  Nordenberg,  associate  director  for  informatics  and  CIO 
at  the  National  Center  for  Infectious  Diseases,  speaking  at  an 
IBM  event. 

See  the  story  at  www.nwdocfinder.com/2636 


vice  president  of  software  at  Sun  when  Schwartz  was 
promoted  to  president  and  COO  in  April  2004,  will 
take  on  the  role  of  senior  vice  president  of  the 
Creatives  Group  at  Adobe,  according  to  a  Sun 
spokeswoman.  Loiacono  will  be  responsible  for  the 
development,  delivery  and  marketing  of  Adobe’s 
creative  software  portfolio.  Sun’s  software  products 
have  never  matched  the  commercial  success  of  its 
hardware,  even  though  the  Java  technology  much  of 
its  software  is  based  on  has  been  a  huge  licensing 
success  for  the  company  and  is  widely  used  by  third 
parties.  Sun  made  much  of  its  software  open  source 
—  including  its  Solaris  operating  system  and  infra¬ 
structure  software  based  on  Java  —  during 
Loiacono’s  stint  as  head  of  the  software  division. 

Cisco  promises  video  advances 

■  Fresh  on  the  heels  of  its  acquisition  of  video  infra¬ 
structure  vendor  Scientific-Atlanta,  Cisco  is  making 


big  bets  on  video  for  enterprises.  CEO  John 
Chambers  gave  a  few  clues  last  week  about  a  telep¬ 
resence  system  that  he  said  will  make  videoconfer¬ 
encing  more  lifelike;  the  company  plans  to  unveil 
soon  software  that  lets  corporations  manage  and 
present  video  content  for  employees,  partners  and 
the  public. The  telepresence  system  will  use  life-size 
high-definition  video  and  directional  sound  tech¬ 
nology,  Chambers  said.  Cisco  expects  the  system  to 
be  announced  later  this  year  and  become  commer¬ 
cially  available  in  about  a  year.  Videoconferencing 
has  had  a  rocky  history,  with  expectations  of  a  boom 
frequently  dashed.  Previous  systems  have  failed 
because  of  complexity,  high  cost  and  generally  poor 
quality,  according  to  Cisco. 

Ransomware  said  to  be  growing 

■  A  virus  that  encrypts  documents  and  demands  a 
ransom  to  get  them  back  is  circulating  on  the  Internet, 
but  at  least  one  security  company  has  released  the 
password  needed  to  recover  the  files.The  Trojan  horse 
virus  encrypts  the  contents  of  a  user’s  Word  docu¬ 
ments,  databases  or  spreadsheets,  and  leaves  a  file 
demanding  $300  in  exchange  for  the  password  to 
access  the  information,  says  Graham  Cluley,  senior 
technology  consultant  with  security  company 
Sophos.A  text  file  directs  victims  to  transfer  money  to 
one  of  99  accounts  run  by  e-gold, a  company  that  runs 
a  money  transfer  site.  Similar  ransomware  schemes 
have  been  traced  to  Russia,  and  this  type  of  attack 
appears  to  be  growing,  Cluley  says.  After  encrypting 
the  data,  the  Trojan  deletes  itself.  The  password  to 
unlock  the  data,  however,  is  contained  in  the  Trojan 
and  is  used  in  the  process  of  encrypting  the  files. 
Technicians  at  Sophos  extracted  the  password,  which 
is  made  to  look  like  a  file  path  name  —  C:\Program 
Files\Microsoft  Visual  Studio\VC98. 
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GATEWAY  HELPS  HIGHER  ED  GO  HIGH  TECH 

A  lesson  on  reinventing  learning. 


Gateway  is  helping  to  transform  the  learning  environment 
at  colleges  and  universities  across  the  country.  At  the 
University  of  Tennessee  at  Martin,  professors  thought 
math  and  PCs  were  a  bad  mix  until  discovering  they  could 
handwrite  equations  on  Gateway's  M280-E  Convertible 
Notebook.  And  at  College  of  DuPage,  the  convertible 
notebook  is  replacing  the  chalkboard.  Professors  roam 
freely  in  class,  engaging  students  to  problem  solve  on 
the  tablet  while  wirelessly  projecting  the  information 
for  the  whole  class. 

Colleges  and  universities  everywhere  are  learning  just 
how  invaluable  partnering  with  Gateway  can  be.  With 
a  full  line  of  innovative  technology  like  our  new 
convertible  notebook  powered  by  Intel®  Centrino® 
Mobile  Technology1,  the  E-4500  desktop  and  rackmount 
and  tower  servers  supporting  single-core  or  dual-core 
Intel®  Xeon®  Processors,  Gateway's  helping  to  solve 
challenges  in  all  areas  of  education.  Learn  more  about 
how  Gateway  is  transforming  higher  education  with 
new  technology. 

CALL  1-866-299-2481  OR  VISIT  Gateway.com/TellUs/HED 


Gateway  convertible  notebooks  help  University  of 
Tennessee  at  Martin  put  agriculture  students  in  the 
field  to  study  crops  and  conduct  wildlife  research. 


.JSK?  , 


M&HR 


..... 


■"swm 


^  MOBILE 
TECHNOLOGY 


Wm 


*3 


' 


1 


Gateway. 


College  of  DuPages  organic  chemistry  class  conducts 
experiments  with  Gateway  convertible  notebooks. 
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Does  Novell  still  have  mind  share? 

Transition  to  a  Linux  company  has  provided  mixed  results  so  far,  observers  say. 


Novell  in  transition 


In  2003,  Novell  started  its  Linux  strategy  to  counteract  the  decline  of  its  proprietary  NetWare  operating 
system.  The  company  has  since  expanded  that  strategy,  adding  software  for  managing  the  open 
systems  enterprise. 


Nov  2003 

Novell  acquires 
SuSE. 


Sept  2004 

Ships  ZENworks  Linux 
Management 


Jan  2005 

Ships  SuSE  Linux 
Enterprise  Server  9. 


Aug  2005 

Launches  GroupWise  7  NetWare 
and  Linux  collaboration  software. 


Nov  2005 

Company  restructures, 
cuts  10%  of  staff. 
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Nov  2004 

Chris  Stone,  credited  with  Novell's 
Linux  initiative,  leaves  Novell. 


Mar  2005 

Ships  Open 
Enterprise  Server. 


May  2005  I 

Acquires  Linux  security 
vendor  Immunix. 


Aug  2005 

Launches  ZENworks  7  Suite  to 
manage  Linux  servers  and  desktops. 


BY  DENI  CONNOR 
AND  JENNIFER  MEARS 

Does  a  reinvented  Novell  mat¬ 
ter  anymore? 

As  the  company  prepares  to 
trumpet  its  focus  on  serving  the 
open  enterprise  at  its  annual 
BrainShare  conference  this 
week,  industry  observers  remain 
mixed  on  whether  the  former 
networking  powerhouse  has  a 
relevant  place  in  today’s  corpo¬ 
rate  software  market. 

“Novell  never  comes  to  mind, 
and  it  has  been  a  long  time  since 
I  last  thought  about  Novell,”  says 
David  Bratt,  manager  of  network 
systems  for  the  H.  Lee  Moffitt 
Cancer  Center  in  Tampa,  Fla. 

It’s  a  mind-set  that  Novell  is  try¬ 
ing  to  change  as  it  transitions 
away  from  its  NetWare  roots  into 
a  company  focused  on  Linux 
and  open  platforms.  Industry 
experts  say  there  is  little  question 
that  Novell  still  has  quality  prod¬ 
ucts  in  directory  services, systems 
management  and  collaboration. 

“Novell  is  a  leader  in  the  provi¬ 
sioning  of  identity  management 
[eDirectory]  and  open  source 
products, ’’says  John  Halamka.CIO 
of  Harvard  Medical  School  and 
CareGroup  Healthcare  in  Boston. 
Halamka  says  he  recently  looked 
at  Novell  for  directory  services 
and  Linux.  He  decided  to  build 
his  own  metadirectory  and  use 
Red  Hat  Linux  for  his  kiosks 
because  he  was  more  familiar 
with  it. 

More  than  two  years  after 
acquiring  Linux  distributor  SuSE 
and  setting  out  to  right  itself  — 
with  a  business  transformation 
based  on  Linux  and  manage¬ 
ment  applications  based  on 
open,  non-proprietary  systems  — 
Novell  continues  to  struggle. 

The  company’s  revenue  was 
roughly  flat  last  year  vs.  the  year 
before. 

In  the  first  quarter  of  this  year,  it 
reported  revenue  of  $274  million, 
down  about  5%  from  the  $290  mil¬ 
lion  it  reported  during  the  same 
period  a  year  ago.  It  scratched  out 
about  a  $2  million  quarterly  profit. 

Industry  observers  say  Novell’s 
struggles  don’t  come  as  a  sur- 
;;<i  because  the  task  of  migrat¬ 
ing  from  a  proprietary  platform 
—  NetWare  —  to  an  open  one  — 
SuSE  Linux  —  is  no  easy  task.  At 


the  same  time,  analysts  and  cus¬ 
tomers  say  Novell  could  be 
doing  a  better  job  delivering  its 
message. 

“Novell  has  made  it  very  clear 
that  Linux  is  the  future  of  the 
company  but  once  again  Novell 
is  poor  at  communicating  it  to 
everyone  but  the  Novell  faithful,” 
says  Karl  Reischl,  network  admin¬ 
istrator  and  longtime  NetWare 
user  at  Moraine  Dam  Technical 
College  in  Beaver  Dam,  Wise.  “I 
can  almost  guarantee  you  that 
one  of  the  speeches  at 
BrainShare  will  be, ‘We’ll  improve 
our  marketing,’  which  they  do  for 
a  few  months  and  then  drop  off 
the  planet.” 

Novell  was  the  name  in  net¬ 
work  operating  systems  in  the 
early  1990s,  but  today  most  IT 
managers  aren’t  looking  at  the 
company  for  new  software  pur¬ 
chases.  A  recent  Goldman  Sachs 
survey  of  IT  executives  showed 
expected  increases  in  software 
spending  in  2006  but  found  that 
Novell  was  one  of  just  two  soft¬ 
ware  vendors  listed  as  losing 
share.  CA  was  the  other. 

“Today  the  question  is,  ‘Novell 
who?”’ says  Josh  Greenbaum,  prin¬ 
cipal  analyst  at  Enterprise  Appli¬ 
cations  Consulting.  “They’re  com¬ 
pletely  irrelevant  in  the  enterprise 
software  market  now,  and  it’s  iron¬ 
ic  because  they  were  such  a 
major  force  for  so  long.  ...  We 
almost  forget  how  dynamic  the 
company  was,  once  upon  a  time.” 

Novell  has  yet  to  replicate  that 
former  energy  to  drive  big  growth 
with  its  Linux  business.  Although 
the  market  continues  to  soar  — 
Linux  notched  its  14th  consecu¬ 
tive  quarter  of  double-digit 
growth,  boosting  revenue  20%  in 
the  fourth  quarter  of  last  year, 
while  Windows  grew  just  less  than 
5%,  according  to  IDC  —  Novell  is 
having  trouble  gaining  market 
share  from  leader  Red  Hat. 

In  the  most  recent  quarter, 
Novell’s  Linux  revenue  grew  22% 
to  $10.4  million,  while  Red  Hat’s 
revenue  jumped  44%  in  its  most 
recent  quarter  to  $73  million. 

“This  indicates  that  Red  Hat  is 
roughly  seven  times  larger  and 
growing  twice  as  fast,”  wrote  Mark 
Murphy,  a  managing  director  at 
First  Albany  Capital,  in  a  note 
issued  March  3  after  Novell’s 


earning  release. 

According  to  a  note  issued  last 
fall  by  Credit  Suisse  First  Boston 
analyst  Jason  Maynard,  Red  Hat 
nearly  doubled  its  hold  on  the 
Linux  market  between  2002  and 
2004,  growing  from  a  40%  share 
to  nearly  64%.  SuSE,  which  was 
acquired  by  Novell  at  the  end  of 
2003,  fell  from  holding  25%  of  the 
market  to  just  less  than  20%. 

In  an  open  letter  to  Novell’s 
board  of  directors,  Maynard  says 
big  changes  are  needed,  includ¬ 
ing  a  stronger  shift  in  strategic 
direction  to  take  advantage  of 
the  “giant  market  opportunity” 
Linux  offers. 

“Although  SuSE  is  the  No.  2  play¬ 
er  in  the  market,  unless  things 
change,  we  believe  that  it  will 
continue  to  lose  market  share  to 
leader  Red  Hat,”  Maynard  says. 

Novell  executives  say  they  are 
on  course,  shifting  focus  from 
NetWare,  which  experienced  a 
73%  decline  in  revenue  in  the 
first  quarter  of  2006  compared 
with  the  same  period  a  year  ago. 
Novell’s  NetWare/Linux-based 
Open  Enterprise  Server,  which 
shipped  in  March  2005,  has  seen 
an  increase  of  $43.1  million  in 
revenue  in  the  first  quarter  of  this 
year,  balancing  the  combined 
decline  to  11%.  “A  big  portion  of 
what  we  lost  [in  NetWare  rev¬ 
enue],  we  gained  with  sales  of 
Open  Enterprise  Server’’  says  Joe 
Tibbetts,  Novell’s  CFO. 

Not  that  Novell’s  days  are  num¬ 
bered. The  company  has  $1.7  bil¬ 
lion  in  the  bank  and  reported  a 
respectable  22%  jump  in  Linux- 


related  revenue  for  the  first  quar¬ 
ter,  compared  with  the  same  peri¬ 
od  a  year  ago.  Chairman  and  CEO 
Jack  Messman  also  has  played  a 
part  in  Novell’s  transition  — 
when  he  joined  the  company  at 
the  end  of  2001 ,  it  was  suffering  a 
loss  of  $272.8  million.  At  the  end 
of  fiscal  year  2005,  Novell  report¬ 
ed  net  income  of  $376.7  million, 
up  from  fiscal  year  2004  net 
income  of  $57.1  million. 

A  Novell  spokesman  says  he 
expects  about  1,000  first-time 
attendees  at  this  week’s  Brain¬ 
Share  conference,  which  typically 
draws  about  6,000  people.  The 
weeklong  event  will  be  the  first  to 
focus  solely  on  Novell’s  open 
source,  with  sessions  focused  on 
Linux  and  the  migration  of  Net¬ 
Ware  users  to  the  Linux  platform. 
Novell  is  expected  to  talk  about  its 
next  release  of  Open  Enterprise 
Server,  code-named  Cypress,  in 
which  NetWare  can  only  be  run 
as  a  client  operating  system  on  an 
open  source  Linux/Xen  virtual¬ 
ized  server  (NetWare  viX). 

But  analysts  say  Novell  has  a 
tough  road  ahead  as  it  fights  to 
drive  interest  from  customers  out¬ 
side  its  legacy  NetWare  base. 

“They  actually  have  a  good 
offering  [in  SuSE  Linux], but  they 
seem  unfocused,”  says  Rob 
Enderle  of  the  Enderle  Group. 
“Because  of  NetWare  they  are  sim¬ 
ply  perceived  broadly  as  a  com¬ 
pany  in  decline,  and  folks  don’t 
want  to  bet  on  such  a  company 

“They  need  to  take  their  lumps 
and  move  crisply  off  of  NetWare; 
downsize  if  they  need  to,  but  get 


back  to  a  position  of  growth  so 
that  companies  can  believe  they 
will  be  around  post-sale,”  he  says. 

Financial  analysts  call  for  a 
change  in  management  and 
point  to  a  number  of  executive 
appointments  made  earlier  this 
month  as  a  good  sign. 

The  appointments  “may  repre¬ 
sent  the  beginning  steps  being 
made  by  [Novell’s]  president  and 
chief  operating  officer,  Ron 
Hovsepian,  in  overhauling  the 
management  team  to  improve 
the  aggressiveness  of  the  corpo¬ 
rate  culture,”  Murphy  wrote  in  a 
note  March  10,  in  which  he 
upgraded  Novell  from  underper¬ 
forming  to  neutral. 

That  kind  of  corporate  rejuve¬ 
nation  may  be  just  what  Novell 
needs  to  start  attracting  more 
enterprise  buyer  attention. 

“Novell  disappeared  from  the 
radar  screen  for  a  while,"  says 
Ulrich  Seif,  CIO  at  National 
Semiconductor.  He  says  he 
looked  at  Novell  when  choosing 
a  Linux  distributor  but  brought  in 
Red  Hat  at  the  recommendation 
of  his  application  vendor.  With 
the  Linux  kernel  becoming  com¬ 
moditized,  the  playing  field  is 
open  and  he’ll  be  looking  more 
closely  at  what  kinds  of  services 
and  support  the  two  distributors 
can  provide. 

“It’s  imperative  to  stay  close  to 
the  road  maps  of  both  vendors, 
since  we  need  to  keep  an  open 
mind  when  it  comes  to  system 
tools  like  monitoring  or  features 
around  grids  and  virtualization,” 
he  says.B 
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“The  Gateway  M280E  Tablet  PC  was  the 
most  innovative  and  easy  to  use  product 
that  we  encountered  this  year.” 

/T  PVeeA,  January  23, 2006 


GATEWAY®  M280  CONVERTIBLE  NOTEBOOK  -  Intel®  Centrino®  Mobile  Technology1  •  Microsoft®  Windows®  XP 
Tablet  PC  Edition  •  Integrated  Wireless  •  14"  Widescreen  Display  •  Continuous  Sensing  Technology™  •  Up  to 
8.5  Hours  of  Battery  Life2  •  Durable  Magnesium  Frame  and  Hinge  •  Enhanced  Security  •  Managed  Lifecycle 


TO  LEARN  MORE  CALL  1-866-531-8297  OR  VISIT  Gateway.com 
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Gateway  Recommends  Microsoft®  Windows®  XP  Tablet  PC  Edition. 


POWER.  PERFORMANCE.  SOLUTIONS. 

Put  our  technology  in  your  hands. 
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OUR  TECHNOLOGY  CAN  HELP  YOU  MEET  YOUR  GOALS.  Gateway  is  assisting  schools  in 
meeting  their  one-to-one  computing  initiatives  by  putting  a  tablet  PC  in  the  hands  of 
every  student.  The  innovative  14"  widescreen  M280  convertible  notebook  transforms 
from  a  notebook  into  a  fully  functional  tablet  and  allows  students  to  work  anywhere, 
anytime — thanks  to  up  to  8.5  hours  of  battery  life  and  Intel®  Centrino®  MobileTechnology. 
It's  just  one  of  the  many  technology  solutions  we  offer  to  address  the  needs  of  a  variety 
of  markets,  from  education  to  business  to  government.  At  Gateway  we  know  every 
organization  needs  the  power  to  perform  and  we're  committed  to  providing  a  quality 
lineup  of  products,  services  and  solutions  designed  to  give  yours  the  edge. 
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VON  speakers  debate  net  neutrality 


MWon’t  that  give  advantage  to  some  providers 
who  will  pay  that  extra,  an  advantage  over  the 
others?Yeah.  How  can  that  be  a  problem  in  the 
commercial  space?55 


Qwest  CEO  Dick  Notebaert 


BY  TIM  GREENE 

SAN  JOSE  —  Fblitics,  not  tech¬ 
nology,  dominated  the  Spring 
2006  VON  show  last  week,  with 
calls  from  Internet  innovators  to 
support  proposed  legislation  they 
say  would  protect  the  next  gener¬ 
ation  of  ’Net-based  businesses. 

At  stake,  speakers  at  the  show 
asserted,  is  the  notion  of  network 
neutrality  supported  by  the  FCC 
that  says  network  providers  can¬ 
not  block  or  hinder  Internet  traffic 
unless  it  is  illegal  or  damages  the 
network.  Congress  is  considering 
proposals  that  would  require  car¬ 
riers  to  continue  to  give  equal- 
quality  access  to  Internet  content 
and  application  providers. 

Major  carrier  executives,  notably 
AT&T  CEO  Ed  Whitacre  and 
Verizon  Chairman  and  CEO  Ivan 
Seidenberg,  have  indicated  they 
want  to  charge  more  for  access  to 
support  content  and  applications 
that  require  faster  response  times 
such  as  voice,  video  and  gaming. 

Allowing  that  would  stifle  the 


innovation  that  brought  about  the 
Internet,  Stanford  law  professor 
Lawrence  Lessig  told  the  audi¬ 
ence  during  his  keynote  address. 
“Creativity  is  enhanced  by  less- 
than-perfect  control  over  what 
content  is  on  the  network,"  Lessig 
said. 

Put  more  bluntly  if  carriers 
charge  more  for  enhanced  Inter¬ 
net  speeds,  start-ups  that  try  out 
new  services  on  the  Internet  will 
never  be  able  to  afford  the  access 
they  need  to  see  if  their  ideas  can 
succeed,  said  David  Isenberg,  a 
fellow  at  the  Berkman  Center  for 
Internet  and  Society  at  Harvard 
Law  School. 

“If  they  have  to  pay  upfront  to 
find  their  market,  they’re  screwed,” 
said  Isenberg,  who  moderated 
panels  at  VON  and  promoted  a 
meeting  in  Washington,  D.C.,  next 
month  that  would  bring  together 
legislators,  regulators  and  Internet 
entrepreneurs  to  work  toward 
Internet-access  protections. 

Companies  that  have  found  suc¬ 


cess  on  the  Internet  don’t  have  to 
worry  because  they  have  the 
income  to  pay  extra,  he  said. 
“Google  and  eBay  and  Yahoo  and 
Amazon  can  make  deals  for  the 
services  they  need,”  Isenberg  said. 

The  concern  is  that  only  carriers 
will  be  able  to  afford  to  innovate, 
Lessig  says. ‘A  network  that  is  pro¬ 
duced  by  end-to-end  applications 
is  more  valuable  to  the  economy 
than  a  network  that  gets  produced 
by  AT&T  ownership,”  he  said. 

But  carrier  executives  say  they 
deserve  the  ability  to  pay  off  the 
network  investments  they  must 
make  to  provide  high-quality  ser¬ 
vice,  and  they  deserve  to  profit. 


During  his  VON  keynote,  Qwest 
CEO  Dick  Notebaert  said  the 
company  will  encourage  content 
providers  to  buy  higher  quality-of- 
service  pipes  and  to  subsidize 
higher  quality  of  service  for  their 
customers  as  a  sound  business 
move  that  would  provide  a  com¬ 
petitive  advantage.  He  likened 
this  to  a  mail-order  catalog  com¬ 
pany  offering  to  ship  sweaters 
overnight  at  no  extra  charge 
beyond  the  cost  of  standard  five- 
day  delivery  Customers  would 
likely  take  the  offer,  and  it  is  a  way 
for  the  catalog  company  to  gain  a 
competitive  advantage,  he  said. 

Notebaert  said  such  commer¬ 
cial  agreements  —  not  regula¬ 
tions  requiring  equal  treatment 
for  all  Internet  traffic  —  are  the 
way  to  go.  “Won’t  that  give  advan¬ 
tage  to  some  providers  who  will 
pay  that  extra,  an  advantage  over 
the  others?  Yeah,”  Notebaert  said. 
“How  can  that  be  a  problem  in 
the  commercial  space?” 

Negotiations  between  carriers 
and  Internet  businesses  is  the  way 
to  go,  said  David  Young,  Verizon 
director  of  technology  policy, 
speaking  on  a  show  panel.  “What 
could  Verizon  or  AT&T  offer  that 
Google  would  pay  for  willingly? 
We  need  to  work  together,  and 
that  will  happen  if  it’s  left  alone,” 
Young  said. 

All  the  political  talk  at  the  show 
is  a  throwback  to  VON’s  formation 
10  years  ago  as  a  political  group 
that  successfully  lobbied  Congress 
to  vote  against  letting  the  Internet 
be  regulated  as  a  long-distance 
company  The  show  has  grown 
too;  this  year  it  boasted  320  ex¬ 
hibitors  and  more  than  8,000 
attendees.  Last  spring’s  show  had 
240  exhibitors  and  about  6,000 
attendees. 

With  VoIP  established  as  a  tech¬ 
nology  and  a  business,  exhibitors 
displayed  their  solutions  to  impor¬ 
tant  challenges  such  as  how  to 
provide  E911  location  informa¬ 
tion  for  IP  phones  that  can  be 
moved  freely  with  nothing  to 


identify  them  but  an  IP  address. 

Several  proposed  methods  call 
for  chips  in  IP  telephony  devices 
—  phones,  PDAs,  laptops  —  that 
use  a  variety  of  methods  to 
announce  where  they  are.  A  com¬ 
pany  called  Skyhook  has  driven 
across  the  United  States  to  map 
the  signals  of  personal  and  busi¬ 
ness  Wi-Fi  access  points,  and  uses 
this  database  to  match  the  signal 
pattern  an  IP  telephony  device 
picks  up  to  identify  its  location. 

Rosum’s  chip  uses  the  patterns 
of  broadcast  television  antennas 
in  combination  with  global  posi¬ 
tioning  satellites  to  determine 
where  they  are  located.  GPS  is 
insufficient  because  its  signals 
cannot  penetrate  buildings,  the 
company  says.  S5  is  installing  a 
network  of  towers  in  the  most 
populated  35  U.S.  cities  that  can 
receive  signals  from  IP  devices 
and  give  a  fix  on  their  locations. 
The  chip  will  include  a  barometer 
to  help  indicate  how  far  off  the 
ground  the  devices  are,  so  emer¬ 
gency  responders  can  better  find 
them  in  high-rise  buildings. 

When  someone  dials  911  from 

such  a  device  and  its  location  is 

determined,  the  information  is 
* 

passed  along  to  the  service  pro¬ 
vider  that  passes  it  to  a  company 
that  can  then  relay  the  call  to  the 
emergency  response  center  clos¬ 
est  to  the  caller.  One  such  compa¬ 
ny  Intrado,  says  it  is  working  with 
these  vendors  to  support  its  up¬ 
coming  products. 

VON  also  was  the  showcase  for 
vendors  cooperating  to  integrate 
their  software  in  an  attempt  to 
quickly  offer  new  IP  capabilities. 
For  example,  Digium,  the  com¬ 
mercial  vendor  of  the  open 
source  IP  PBX  called  Asterisk, 
demonstrated  interaction  with 
several  other  software  makers, 
including  speech-recognition  spe¬ 
cialists  LumenVox;  Esna  Technol¬ 
ogies,  which  sells  unified  commu¬ 
nications  software;  and  Web- 
Dialogs,  which  makes  Web  confer¬ 
encing  software.  ■ 


IEEE,  vendors  press  forward 
on  speedier  wireless  LANs 


BY  JOHN  COX 

The  IEEE  has  begun  accepting  comments  on  the 
just-adopted  802.1  In  draft  standard  for  100-plus 
Mbps  wireless  LANs. The  number  and  scope  of  the 
responses  will  determine  whether  there  will  be  big 
or  small  changes  to  the  draft  at  the  next  802.1  In 
task  group  meeting  in  May. 

Small  changes  will  keep  the  standard  on  track  for 
final  ratification  and  interoperability  testing  in  mid- 
to-Iate  2007.  Long  before  then,  vendors  hope  the 
standard  will  be  firmly  set  enough  to  provide  a  base 
for  the  next  generation  of  WLAN  products. 

Network  professionals  seem  to  be  in  no  hurry. 

“[802.1  In]  would  require  a  hardware  forklift  for 
most  folks,  including  us,  where  we  seem  to  be  able 
to  deliver  adequate  performance  for  real-time  ser¬ 
vices,  or  other  bandwidth  consumers,  with 
802.11g/a,”  says  Brad  Noblet,  COO  for  Harvard 
University’s  Faculty  of  Arts  and  Sciences. 

That  will  remain  true  for  about  two  years, says  Bob 
Egan,  director  of  emergent  technologies  at  consult¬ 
ing  firm  Tower  Group.  “1  don’t  think  there’s  a  com¬ 
pelling  reason  to  do  a  wholesale  swap-out  because 
1 1  n  has  a  faster  access  method,”  he  says. 

But  if  you  want  to  see  the  next  generation,  there 
will  be  a  selection  of  products  in  just  a  few  months. 
By  June,  several  vendors  say  they  expect  to  intro¬ 
duce  pre-N,  or  draft  N,  products  based  on  new 
chipsets  from  Atheros  and  Broadcom. 


Netgear  promises  data  rates  of  up  to  600Mbps  for 
its  new  line  of  products,  based  on  the  draft  stan¬ 
dard,  to  be  launched  by  June.The  new  designs  were 
showcased  at  the  recent  Cebit  show  in  Germany 
Linksys,  the  consumer  division  of  Cisco,  says  it  will 
launch  draft  802.1  In  products  in  the  second  quar¬ 
ter.  “We’re  confident  they  will  be  software  upgrade- 
able  [to  the  final  1  In  standard]  but  we  haven’t  said 
we’ll  guarantee  that,”  a  spokeswoman  says. 

A  technology  called  Multiple  Inupt  Mulitple  Out¬ 
put  (MIMO)  (see  www.nwdocfinder.com/2647  for 
details  on  the  technology)  creates  multiple  data- 
streams  between  two  or  more  antennae  on  both 
sides  of  the  radio  link  to  boost  throughput  far  be¬ 
yond  the  22M  to  24Mbps  possible  with  today’s 
802.1  lg  and  802.1  la  networks.The  first  commercial 
MIMO  chipset,  by  Airgo  Networks,  was  brought  to 
market  in  2004.  Belkin  was  among  the  first  to 
launch  an  Airgo-based  access  point  and  adapter 
cards,  rated  at  faster  than  108Mbps,  in  October  2004. 

While  rivals  such  as  Atheros  and  Broadcom  are 
just  now  bringing  out  their  first  generation  of  MIMO 
in  the  draft  1  In  products,  Airgo  executives  say  they 
are  focused  on  a  fourth-generation  chip  designed 
to  fully  implement  the  final  1 1  n  standard. 

But  enterprise  customers  with  some  WLAN  experi¬ 
ence  are  not  swayed  by  the  promise  of  a  huge  boost 
in  throughput.  Other  issues  are  critical. 

See  802.11n,  page  16 
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Manufacturing  show  to  focus  on  wireless 


BY  PHIL  HOCHMUTH 

Deploying  wireless  technolo¬ 
gies  —  from  RFID  to  802.11  — 
and  bolstering  supply  chain 
management  and  machine-to- 
machine  communications  will  be 
among  the  top  IT  topics  at  this 
week’s  National  Manufacturing 
Week  show. 

The  Rosemont,  Ill.,  conference, 
which  will  exhibit  wares  from  the 
latest  industrial  lubricants  to 
assembly-line  robots,  will  feature 
more  than  100  IT-  and  network- 
focused  companies,  including 
Microsoft,  Oracle  and  Verizon,  and 
many  makers  of  industrial  Ether¬ 
net  and  plant-control  network 
gear  and  software,  such  as 
Control  Chief,  Lantronix  and 
National  Instruments. 


“Radio  GaGa” 

Manufacturers  are 
investing  in  RFID 
technology  to  cut  costs 
and  improve  data 
collection  accuracy. 

RFID  in  manufacturing 


Not  involved 
with  RFID 

Companies  with 
an  RFID  project 

60% 


DATAMONITOR  SURVEY  OF  150 
COMPANIES 


Spending  on  RFID*  (millions) 


Cost  of  an  RFID  tag*  (cents) 

S.30  “ 

$.20  " 

$10  - 

$.00  — 
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SOURCE:  GARTNER  ESTIMATES* 


IT  professionals  at  manufactur¬ 
ing  companies  say  the  potential 
value  and  deployment  complex¬ 
ities  of  RFID  will  be  a  major 
theme  at  the  show.  Pressure  from 
government  agencies  and  big 
retailers  such  as  Wal-Mart  is  forc¬ 
ing  businesses  to  streamline 
their  product  inventory  with 
RFID.  At  the  same  time,  forward- 
thinking  manufacturers  are  look¬ 
ing  at  the  technology  as  a  com¬ 
petitive  advantage. 

“We  assume  long-term  that  RFID 
will  be  in  our  supply  chain,”  says 
Alan  Wyne,  CIO  of  Rollpak,  a  man¬ 
ufacturer  of  industrial  trash  can 
liners,  in  Goshen,  Ind.  “It  will  rein¬ 
vent  how  we’ll  manage  and  track 
and  see  our  inventory  Although 
the  industry  we  supply  is  not  al¬ 
ways  on  the  cutting  edge,  we  want 
to  get  ahead  of  the  curve  on  this.” 

Wyne, who  will  present  a  session 
on  RFID  at  the  conference,  says 
his  company  didn’t  begin  looking 
at  RFID  because  of  a  mandate 
from  suppliers  or  customers. 
Rather,  he  wants  to  get  the  tech¬ 
nology  ready  and  running  on  the 
network  at  Rollpak  before  this 
demand  surfaces. 

“We  could  wait  until  customers 
say  we  have  to  have  [RFID],  then 
drop  hundreds  of  thousands  of 
dollars  to  pay  someone  to  put  it  in 
quickly  Wyne  says.  “What  we’re 
doing  instead  is  taking  about  a 
$6,000  investment,  buying  some 
equipment  and  playing  with  it, 
and  getting  it  to  the  point  where 
we  have  a  system  in  place  that’s 
ready  to  go  —  whether  it’s  from 
customer  demand  or  used  as  a 
competitive  advantage.” 

Rollpak  is  already  beyond  test¬ 
ing  RFID;  it  uses  tags  to  track  in¬ 
ventory  in  its  warehouses,  replac¬ 
ing  bar  code  reading.  RFID  read¬ 
ers  are  tied  to  the  Ethernet  and  IP 
network  and  feed  data  into  a  cen¬ 
tralized  ERP  system,  which  pro¬ 
cesses  the  inventory  figures  with 
custom-written  scripts. 

Industry  watchers  say  there  is 
great  potential  benefit  from  RFID 
and  other  network  technologies 
that  tie  together  physical  manufac¬ 
turing  processes  and  the  move¬ 
ment  of  goods  into  back-end  mon¬ 
itoring  and  accounting  systems. 
But  manufacturers  must  show 
what  the  ultimate  dollar  savings 
will  be  before  hooking  up  plant 
equipment  with  IP  addresses,  or 
canvasing  a  factory  with  wireless 


LAN  or  RFID  readers. 

“I’m  a  bit  more  skeptical  about 
the  benefits  of  RFID”  as  just  a 
stand-alone  technology,  says  Thilo 
Koslowski,  a  research  vice  presi¬ 
dent  with  Gartner  who  tracks 
manufacturing  IT  issues. 

“What  needs  to  happen  before 
you  leverage  the  potential  of 
RFID  is  you  must  change  the  busi¬ 
ness  first.You  have  to  change  the 
way  you  communicate  with  sup¬ 
pliers,  and  have  a  real-time  supply 
chain  in  place  before  RFID  pro¬ 
vides  substantial  value  that  will 
justify  the  investment.” 

This  could  involve  installing 
ERP  software  and  more-powerful 
servers  to  handle  the  massive 
amounts  of  real-time  data  pro¬ 
duced  by  a  large  RFID  network. 
There  also  need  to  be  automated 
electronic  communications  links 


among  suppliers,  manufacturers 
and  customers  to  get  larger  bene¬ 
fits,  Koslowski  says. 

Besides  bringing  pieces  of  in¬ 
ventory  or  pallets  of  product  on¬ 
line  through  RFID,  manufacturers 
are  plugging  crucial  production 
machinery  into  the  network  to 
monitor  its  health  and  perfor¬ 
mance,  according  to  Nick  Hayes,  a 
partner  with  consultancy  Five- 
Twelve  Group.  This  marching-to- 
machine,  or  M2M,  technology  will 
be  the  subject  of  a  roundtable 
hosted  by  Hayes  at  the  show. 

“Many  manufacturers  are  rush¬ 
ing  to  predictive  maintenance 
and  enabling  machinery  with 
Ethernet  and  wireless  and  sen¬ 
sors,”  Hayes  says.  The  goal  is  to 
feed  performance  data  on  a 
machine  into  software  that  can 
predict  the  next  time  it  will  fail,  or 


have  alerts  relayed  to  other  sys¬ 
tems  that  can  react  —  such  as 
placing  a  service  call  or  shutting 
down  the  equipment. 

The  downside  of  this  technol¬ 
ogy  would  be  in  network¬ 
enabling  the  wrong  equipment  or 
not  setting  up  back-end  applica¬ 
tions  and  processes  to  handle  the 
data  produced  by  sensors  and 
interpret  it  meaningfully 

“A  [manufacturer]  might  say 
they  liked  it  the  old  wa>F  when 
people  with  experience  and  a 
keen  ear  could  tell  when  a 
machine  was  in  trouble,  Hayes 
says.  “They  may  not  like  all  this 
data  being  produced  because 
they  don’t  know  what  to  do  with 
it.  Process  change  and  event  plan¬ 
ning  needs  to  go  into  any  addition 
of  intelligence  on  a  machine,  oth¬ 
erwise,  it’s  just  wasted  money”  ■ 


Blue  Coat  couples  security, 
acceleration  on  appliance 


BY  DENISE  DUBIE 

Blue  Coat  Systems  this  week  is  set  to  announce 
software  that  it  will  load  onto  its  proxy  appliances  to 
let  enterprise  IT  managers  accelerate  encrypted  traf¬ 
fic,  one  of  several  technologies  the  company  has 
added  to  the  appliances  to  speed  WAN  traffic. 

Multiprotocol  Accelerated  Caching  Hierarchy 
(MACH5)  technology  is  scheduled  to  become  part 
of  the  operating  system  of  Blue  Coat’s  Proxy  SG 
appliance  next  month.  The  technology  addresses 
five  areas:  bandwidth  management,  protocol  opti¬ 
mization,  object  caching,  byte  caching  and  com¬ 
pression,  and  will  augment  the  appliances,  which 
perform  Web  filtering,  spyware  detection  and 
secure  content  scanning. 

Andrew  McKinney  director  of  technical  services  at 
Richardson  Partners  Financial  in  Toronto,  says  last 
year  he  started  to  investigate  acceleration  tools  from 
various  vendors  so  he  could  better  serve  traffic  from 
the  company’s  data  center  to  seven  distributed  loca¬ 
tions.  Ideally,  he  wanted  to  invest  in  a  product  that 
addressed  several  technologies,  such  as  caching, 
compression  and  SSL  acceleration. 

“Among  other  things,  we  wanted  to  incorporate 
caching,  [Common  Internet  File  System]  accelera¬ 
tion  and  filtering  out  of  unnecessary  Web  traffic,”  he 
says.“We  didn’t  want  a  point  solution.We  considered 
a  product  that  performed  multiple  tasks  vital  to  sup¬ 
porting  our  customers  and  business.” 

McKinney  says  he  has  two  SG  appliances  installed 
at  the  centralized  data  center  and  intends  to  roll  out 
more  in  the  coming  months  at  multiple  locations  to 
enable  the  acceleration  technologies. 

Blue  Coat  Proxy  SG  appliances  are  positioned 
between  users  on  a  network  and  the  Internet  and 


serve  as  a  central  point  of  control  over  Internet  traf¬ 
fic.  A  termination  point  for  Web  communications  on 
the  network,  the  appliance  can  apply  numerous  pol¬ 
icy-based  controls  to  Web  traffic  and  requests  before 
delivering  content  to  users. 

With  MACH5,  Blue  Coat  will  be  able  to  incorpo¬ 
rate  acceleration  prioritizations  into  the  policy 
engine,  and  compress  traffic  and  perform  byte 
caching,  which  involves  storing  frequently  used 
data  locally  and  sending  only  changed  elements 
over  wide-area  links. 

To  enable  some  acceleration  technologies,  such  as 
compression,  the  appliances  should  be  installed  on 
both  ends  of  a  WAN  link,  Blue  Coat  says.  To  speed 
encrypted  SSL  traffic,  Blue  Coat  creates  two  tunnels, 
one  between  an  SG  appliance  and  a  server  and  the 
other  between  an  SG  appliance  and  a  user. 

“That  means  we  can  accelerate  SSL  without  hav¬ 
ing  a  certificate  at  branch  locations  and  without 
raising  privacy  issues  about  unencrypted  traffic 
crossing  the  WAN,”  says  Chris  King,  product  market¬ 
ing  manager  at  Blue  Coat. 

“It  is  critical  we  accelerate  that  traffic,  but  it’s 
equally  vital  that  we  don’t  compromise  data  secu¬ 
rity  or  privacy  in  the  process,”  McKinney  says. 

The  technology  Blue  Coat  acquired  with  Ffermeo 
earlier  this  year  helps  with  secure  acceleration. 
The  primary  reason  for  that  deal  was  to  incorpo¬ 
rate  SSL  VPN  technology  into  the  Proxy  SG  appli¬ 
ance,  Blue  Coat  President  and  CEO  Brian  NeSmith 
said  at  the  time. 

Current  customers  with  Blue  Coat  SG  appliances 
can  get  the  MACH5  technology  as  a  software  up¬ 
grade.  For  new  customers,  low-end  SG  appliances 
start  at  about  $2,000.  ■ 
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Security  survey  sampler 

We  reviewed  those  surveys  made  public  by  a  handful  of  leading  network  security  companies 
over  the  past  two  years,  finding  the  number  of  surveys  cranked  out  nearly  doubled. 


Vendor 

Number  of 
surveys  for 
2004/2005 

Topics 

Arbor  Networks 

0/1 

Asked  ISPs  about  major  attacks  on  customers  and  how  they  defend  against  them. 

Green  Border 

0/1 

Determine  most  important  security  issues,  whether  restrictions  are  placed  on  Internet 
use,  and  whether  rolling  out  a  patch  "broke  or  caused  more  problems  than  it  solved." 

IGSA  Labs 

1/1 

Annual  survey  of  300  organizations  measures  anti-virus  software  use,  number  of  "virus  disasters.” 

Intervoice 

0/1 

Ascertain  Americans’  attitudes  about  identity  theft, 

Mazu  Networks 

0/1 

Profile  security  threats  at  200  mid-to-large-sized  enterprises. 

Mirapoint 

0/3 

Show  percentages  of  corporate  e-mail  sending  personal  messages. 

McAfee 

1/1 

Spam  prevalence;  concerns  about  viruses  and  spam;  need  for  an  “integrated  secure 
content  management  solution.” 

Proofpoint 

1/1 

Show  percentage  of  companies  using  employees  to  manually  scan  outbound  e-mail  for  compliance. 

Postini 

4/4 

Concerns  over  protecting  communications  channels  other  than  e-mail,  such  as  IM  and  VoIP 

PGP 

1/1 

To  show  the  high  cost  incurred  by  14  organizations  that  lost  confidential  customer  data. 

RSA  Security 

1/4 

Phishing,  Internet  Confidence  Index,  passwords,  e-commerce  confidence. 

Secure  Computing 

3/2 

Determine  how  businesses  address  security  risks,  need  for  unified  threat  management  appliance, 
patching  practices  in  firewalls,  business  attitudes  towards  security. 

SonicWall 

0/1 

Show  high  productivity  of  remote  workers  and  the  need  to  secure  their  communications. 

SurfControl 

2/2 

Use  of  corporate  e-mail  to  send  porn;  compliance  training:  spyware;  lack  of  IM  policies. 

Symantec 

4/1 

Incidents  of  phishing  attacks:  security  savviness  among  customers. 

Trend  Micro 

1/4 

Phishing  and  spyware  in  different  countries;  stress  caused  by  viruses,. junk  e-mail;  spyware. 

Vericept 

0/1 

Enterprise  concern  about  internal  security  threats. 

Vontu 

0/1 

163  companies  asked  about  data-security  breaches  and  insider  threats. 

Webroot 

1/2 

275  IT  managers  on  their  concern  about  spyware. 

WebSense 

1/1 

Annual  Web@Work  survey  to  ascertain  employee  surfing  habits  and  IT  managers' 
top  network  problems. 

Survey 

continued  from  page  1 

and  on  and  on. 

According  to  our  informal 
review  of  20  leading  security  ven¬ 
dors,  they  made  public  34  such 
surveys  last  year,  most  of  which 
were  conducted  by  third  parties 
on  behalf  of  the  vendors  (see 
graphic).  In  addition,  the  vast 
majority  of  them  issued  reports  — 
some  as  frequently  as  monthly  — 
derived  from  information  that 
their  products  collect  regarding 
distributed  DoS  attempts,  spam 
blasts,  phishing  attacks  and  the 
like.  While  vendors  say  these  sur¬ 
veys  and  reports  are  meant  to 
alert  IT  professionals  to  growing 
security  threats  and  to  help  ven¬ 
dors  determine  what  sorts  of 
products  customers  need,  in  fact 
they’re  creating  a  thick  layer  of 
fear,  uncertainty  and  doubt,  or 
FUD,  that  helps  sell  products  in  a 
market  that  IDC  says  totaled  $32.6 
billion  last  year  and  is  headed 
toward  $38.4  billion  this  year. 

For  example,  a  survey  of  603 
consumers  conducted  last 
October  by  Momentum  Research 
Group  on  behalf  of  RSA  Security 
showed  the  French  are  more  fear¬ 
ful  than  Germans  about  the  possi¬ 
bility  of  fraudulent  access  to  per¬ 
sonal  information  at  banking 
sites.  But  when  it  comes  to  fear  of 
identity  theft,  no  one  beats  Ameri¬ 
cans;  nine  out  of  10  have  heard  of 
it,  as  compared  with  only  one  in 
three  in  France  and  Germany 

RSA,  which  provides  products 
and  services  for  authentication 
and  anti-phishing,  says  in  its  press 
release  about  the  survey:  “The  key 
to  online  confidence  lies  at  the 
door  of  the  business  community 
—  meaning  that  it  is  imperative 
for  online  vendors  to  be  seen  tak¬ 
ing  appropriate  measures  to  pro¬ 
tect  their  customers’  interests.” 

“There’s  always  a  self-serving 
aspect  to  anything  a  vendor 
releases,”  says  Keith  Crosley,  direc¬ 
tor  of  market  development  with 
messaging  security  vendor  Proof- 
point,  which  does  a  few  surveys 
per  year.  "But  we  really  are  trying 
to  educate  markets  and  share 
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interesting  data  that  helps  people 
make  really  intelligent  decisions 
about  their  technology  invest¬ 
ments.” 

It’s  not  surprising  that  vendors 
use  survey  results  to  help  sell  their 
products,  often  paying  tens  of 
thousands  of  dollars  per  survey 
with  the  hopes  the  results  will  sup¬ 
port  the  need  for  their  offerings. 
(Those  that  contracted  profes¬ 
sional  firms  said  they  did  so 
because  the  size  and  quality  of 
each  sample  would  be  superior  to 
what  the  vendor  itself  could  come 
up  with,  and  therefore  produce 
more  accurate  results  that  would 
be  less  likely  perceived  as 
biased.)  But  security  vendors 
seem  to  be  particularly  fond  of 
publicizing  surveys  these  days, 
perhaps  because  there  are  very 
few  ways  to  gauge  just  how  secure 
a  PC  or  network  is  —  the  FUD  cre¬ 
ated  by  survey  results  sends  the 
message  that  you’re  never  secure 
enough. 

IBM,  which  offers  a  number  of 
hosted  security  services,  last  week 
released  results  of  a  survey  it 
sponsored,  conducted  by  Braun 
Research,  that  shows  84%  of  the 
600  IT  managers  surveyed  said 
they  believe  organized  criminal 
groups  with  technical  sophistica¬ 
tion  are  replacing  lone  hackers  as 
the  main  threat  from  the  outside. 

But  the  press  release  describing 
the  survey  questions  respondents’ 
ability  to  protect  themselves. 
According  to  IBM,  83%  of  respon¬ 
dents  “boast  that  they  have  ade¬ 
quate  safeguards  in  place  to  com¬ 
bat  organized  cybercrime.” 

The  message?  You’re  not  as 
secure  as  you  think  you  are. 

Be  afraid,  be  very  afraid 

One  security  company  recently 
attempted  to  quantify  just  how 
worried  IT  managers  should  be. 

Anti-malware  vendor  Web- 
Sense’s  sixth  annual  Web@Work 
survey,  conducted  by  Harris 
Interactive  and  released  last  May 
revealed  that  “one-quarter  of  IT 
decision-makers  feel  that  the  test 
of  protecting  their  company 
against  malicious  Internet  securi¬ 
ty  threats  is  more  stressful  than  a 
minor  car  accident.” 

It’s  difficult  to  ignore  the  steady 
stream  of  magazine  and  newspa¬ 
per  headlines  announcing  these 
survey  findings.  Network  World 
not  excluded.  Some  publications, 
including  ours,  conduct  their  own 
surveys  as  well  to  gauge  readers’ 
opinions  and  actions  regarding 
security. 


This  flood  of  security  headlines 
has  led  some  to  discount  many 
surveys  as  marketing  material.  Bill 
Boni,  vice  president  and  chief 
information  security  officer  at 
Motorola,  says  he  will  pay  some 
attention  to  surveys  if  they  appear 
to  show  validated  data  from 
responsible  sources. 

No  one  expects  a  vendor  to 
issue  a  press  release  touting  a  sur¬ 
vey  that  negates  the  need  for  its 
product,  but  this  selective  practice 
underscores  the  requirement  to 
consider  the  source. 

“Surveys  are  one  of  the  only 
benchmarks  you  can  use  to  make 
decisions  ...you’d  be  foolish  if  you 
didn’t  at  least  read  them," says  Jim 
Hite,  supervisor  of  network  ser¬ 
vices  and  central  operations  with 
Virginia’s  Prince  William  County 
schools.“But  you  have  to  consider 
that  the  manufacturer  wants  you 
to  buy  their  product,  so  you  have 
to  weigh  that.” 

If  a  vendor  sponsors  a  survey 
that  contradicts  its  own  product 
plans,  it’s  unlikely  we’ll  ever  know 
about  it.  Vericept,  a  small  compa¬ 
ny  with  products  focused  on  pre¬ 
venting  internal  threats,  last 


December  commissioned  its  first- 
ever  survey  conducted  by  Enter¬ 
prise  Management  Associates.The 
survey  asked  how  concerned  cor¬ 
porations  are  about  internal 
threats;  74%  said  the  risk  of  sensi¬ 
tive  corporate  information  leak¬ 
age  because  of  internal  personnel 
is  moderate  to  very  high. 

And  so,  the  company  publicized 
its  findings.  “If  we  found  people 
said  ‘internal  risk  is  never  a  prob¬ 
lem,’  or  that  ‘it  will  go  away  in  six 
months’  then  we  may  not  have 
published  it,”  says  Brett  Schklar, 
vice  president  of  marketing  with 
Vericept. 

Decisions,  decisions 

Some  IT  managers  use  these  sur¬ 
veys  to  help  open  the  company 
purse  strings  to  fund  new  security 
projects. 

“Reluctantly,  I  support  the  points 
many  of  these  surveys  are  mak¬ 
ing,  even  though  some  of  them 
make  you  cringe,”  because  they’re 
so  blatantly  oriented  toward  sell¬ 
ing  products,  says  Michael  Dean, 
director  of  IT  security  for  the  200 
K-12  schools  in  the  Palm  Beach 
County  School  District  in  Florida, 


which  support  a  high-speed  net¬ 
work  of  50,000  computers  for 
175,000  students  and  teaching 
staff. 

Surveys  are  designed  to  help  the 
sponsoring  vendors  make  deci¬ 
sions,  too. 

In  2004,  Proofpoint  considered 
bringing  to  market  an  outbound 
e-mail  compliance  product.  But 
first  the  company  sponsored  a 
survey  conducted  by  Forrester  Re¬ 
search  that  showed  43%  of  com¬ 
panies  sampled  used  employees 
to  scan  outbound  e-mail  for  con¬ 
fidentiality  breaches  or  intellectu¬ 
al  property  leaks.  Imagine  the 
time  and  cost  savings  of  automat¬ 
ing  this  process?  A  few  months 
later,  Proofpoint  released  an  out¬ 
bound  compliance  product. 

“The  volume  of  response  to  the 
survey  showed  us  there  was  a 
great  deal  of  interest, "Crosley  says. 
“If  there  was  no  interest  in  out¬ 
bound  e-mail  compliance,  we 
would  have  definitely  changed 
our  plans  with  respect  to  how 
quickly  we  created  the  product.” 

Sometimes  surveys  show  that 
security  threats  perpetuate 
See  Survey,  page  90 
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Grading  Software  Assurance 

Microsoft’s  Software  Assurance  (SA),  first  introduced  in 
2001,  caused  such  a  severe  customer  backlash  that  Microsoft 
twice  delayed  the  start  of  the  program.  Now,  five  years  later, 
the  program  is  an  accepted  reality  that  users  still  are  trying 
to  figure  out. 

Here  is  our  report  card  on  Microsoft’s  efforts. 

Easier  licensing  -  D 

There  are  fewer  options  to  choose  from,  but  users  say  3A  still  involves  a  complex 
process  of  figuring  out  when  or  if  to  purchase  3A  and  for  what  products  on  the  desktop 
and  server. 

Predictable  upgrade  cycles  -  B 

Introducing  of  interim  versions  of  products  under  the  Release  2  designator  put  more 
software  in  the  SA  pipeline,  but  delays  such  as  the  two-year  slip  in  SQL  Server  2005  left 
some  holding  expired  SA  contracts.  Microsoft  now  is  locking  some  products  and  feature 
sets  to  SA,  most  notably  Vista  Enterprise  with  its  BitLocker  Drive  Encryption  technology. 

Benefits  -  B 

Adding  features  to  training  vouchers,  support  options,  workshops  and  home-use  rights 
has  built  a  healthy  iist  of  benefits,  but  it's  not  one-size-fits-all,  and  many  users  say  only 
a  few  provide  any  additional  value. 

Unchanged  or  reduced  costs  -  C 

Microsoft  originally  predicted  that  80%  of  customers  would  see  costs  go  unchanged  or 
drop.  Independent  reports  indicate  that  percentage  has  not  been  reached,  but  there  has 
been  a  steady  improvement  in  the  leveling  off  of  costs. 

Upgrade  program  -  F 

In  a  May  2001  Microsoft  press  release,  SA  was  hailed  as  a  "simplified  approach  to 
upgrades."  Microsoft  today  says  product  upgrades  were  never  a  guarantee  when  SA 
replaced  specific  programs  just  for  upgrading,  and  it  has  now  backfilled  SA  with  a  grab 
bag  of  other  benefits  in  an  attempt  to  lessen  the  emphasis  on  upgrades. 

Adoption  -  C 

Customers  with  Enterprise  Agreements  and  Open  Value  licenses  get  SA  as  part  of  their 
contracts,  but  it  is  an  option  for  those  with  Open  and  Select  licenses.  Microsoft's  revenue 
numbers  don't  indicate  that  users  are  jumping  on  the  program. 


Licensing 

continued  from  page  1 

“With  SA,  the  gamble  now  is  on  a 
product-by-product  basis,  and  you 
have  to  be  cognizant  of  product 
life  cycles,  release  dates  and 
upgrades  to  new  versions.” 

Absent  that,  he  says,  users  open 
themselves  up  to  making  major 
financial  mistakes  that  can  run 
into  millions  of  dollars. 

“I  am  the  guy  who  is  cursed  with 
the  responsibility  of  becoming  an 
expert  on  Microsoft  licensing,”  he 
says. 

Amerada  Hess  has  found  carry¬ 
ing  SA  on  its  client  access  licenses 
(CAL)  provides  flexibility  in 
upgrading  software,  but  SA  for 
servers  is  purchased  only  if  the 
product’s  next  version  is  immi¬ 
nent. 

Defenbaugh  says  SAs  complexi¬ 


802.1  In 
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ty  is  born  out  of  more  product 
choices, rollout  scenarios  and  tim¬ 
ing  issues,  all  factors  that  have  not 
let  him  realize  SAs  promises  of 
reduced  licensing  costs. 

In  2001,  Microsoft  said  80%  of 
customers  would  see  costs  de¬ 
crease  or  remain  unchanged  with 
SA,  a  claim  users  disputed  with 
such  an  unprecedented  uproar 
that  the  program’s  start  was 
delayed  nearly  a  year. 

By  2004  only  40%  of  customers 
said  their  costs  had  decreased  or 
were  unchanged,  according  to 
The  Yankee  Group.  By  2005,  that 
figure  rose  to  62%. 

Laura  DiDio,  the  Yankee  analyst 
who  conducted  the  surveys,  says 
the  2005  jump  is  part  of  the  evi¬ 
dence  Microsoft  has  made  a  180- 
degree  turn  from  where  it  was 
four  years  ago  when  CEO  Steve 
Ballmer  admitted  the  licensing 


program  was  complex,  created 
economic  hardships  and  was  in 
need  of  additional  benefits. 

“Microsoft  is  becoming  more 
proactive  and  customer-centric,” 
DiDio  says.  She  says  Microsoft  has 
crafted  SA  to  help  users  from 
inception  and  planning  all  the 
way  through  to  transition  and 
migration.  “That  is  all  good  stuff. 
They  have  turned  a  boondoggle 
into  a  boon.” 

Since  2003  Microsoft  has  added 
nearly  20  benefits  to  SA,  including 
training  vouchers,  deployment 
guidelines,  home-use  rights,  disas¬ 
ter  recovery  options  and  techni¬ 
cal  support.  Last  week,  Microsoft 
expanded  SAs  training  voucher 
program, added  deployment  plan¬ 
ning  services,  workshops,  24/7 
phone  support  and  conversion  of 
SA  support  to  Premier  Support  for 
customers  with  those  contracts. 

“Customers  tell  us  they  want 
more  from  our  SA  maintenance 
offering,  which  is  why  we  are 
adding  additional  benefits,”  says 
Sunny  Jensen  Charlebois,  product 
manager  for  worldwide  licensing 
and  pricing  at  Microsoft 

But  many  customers  say  those 
benefits  provide  little  value  to 
them. 

“You  have  to  appreciate  the  fact 
they  have  ramped  up,  but  most  of 
this  stuff  we  have  never  touched,” 
says  Scott  Matthews,  CTO  of  Digi- 
tech  Systems,  a  software  develop¬ 
er  in  Greenwood  Village,  Colo.“We 
want  two  things:  upgrades  and 
quality  phone-based  technical 
support.” 

Amerada  Hess’  Defenbaugh 
echoes  those  sentiments  and  says 
he  has  had  no  use  for  SA  benefits 
until  last  week’s  link  of  SA  and 
Premier  Support,  which  could 
help  trim  some  costs. 

“SA  is  an  upgrade  program.  1  am 
paying  for  upgrades,”  he  says. 

When  SA  was  first  introduced  it 
was  billed  as  an  upgrade  pro¬ 
gram,  but  Microsoft  later  de- 
emphasized  upgrades, saying  they 
were  not  guaranteed  as  part  of  SA, 
which  is  purchased  per  product. 
The  programs  that  SA  replaced, 
including  an  enterprise  favorite 
called  Upgrade  Advantage,  were 
solely  designed  for  that  purpose, 
however. 

Product  delays  forced  Microsoft 
to  de-emphasize  upgrade  rights, 
including  a  two-year  slip  in  the 
shipment  of  SQL  Server  2005  that 
left  a  bitter  taste  in  the  mouths  of 
SA  subscribers  whose  contracts 
ran  out  before  the  product  was 
delivered. 


Those  missteps  are  contributors 
to  slow  adoption  of  SA,  a  fact  that 
is  borne  out  in  Microsoft’s  finan¬ 
cial  statements,  where  unearned 
revenue,  a  major  indicator  of  SA 
adoption,  initially  showed  major 
declines  quarter  after  quarter 
shortly  after  SA  was  introduced. 

“Those  quarter-over-quarter  de¬ 
clines  show  customers  were  not 
signing  up  for  SA,”  says  Paul 
DeGroot,  an  analyst  with  Direc¬ 
tions  on  Microsoft.  Microsoft  does¬ 
n’t  reveal  the  percentage  of  cus¬ 
tomers  who  opt  for  SA,  but  he  says 
the  rate  is  in  the  20%  to  30%  range 
for  customers  with  Open  and 
Select  volume  licensing  contracts. 
Those  customers  purchase  SA  as 
an  add-on  instead  of  getting  it 
included  in  their  deals,  as  is  the 
case  with  Enterprise  and  Open 
Value  contracts. 

“I  don’t  know  many  people  that 
would  keep  a  program  going  that 
only  had  a  30%  renewal  rate,”  De¬ 
Groot  says.  “So  I  would  have  to 
give  them  a  bad  grade  on  SA.” 

Customers  and  analysts  also  are 
taking  note  of  SA  changes  that 
link  specific  products  and  fea¬ 
tures  to  SA  enrollment  and  a  new 


Enterprise  CAL,  which  can  be  in¬ 
crementally  upgraded  to  support 
services  such  as  rights  manage¬ 
ment  and  security 

For  example,  the  Enterprise  ver¬ 
sion  of  Windows  Vista,  which  in¬ 
cludes  a  highly  touted  security  fea¬ 
ture  called  BitLocker  Drive  En¬ 
cryption  and  virtualization  tech¬ 
nology  will  be  available  only  to 
customers  with  SA  contracts.  In¬ 
terim  releases  of  existing  products 
such  as  Windows  Server  2003,  are 
available  for  free  to  SA  customers 
but  require  all  others  to  buy  a  full 
license. 

“I  consider  SA  to  be  seriously 
flawed  and  I  would  say  it  has  a 
number  of  fatai  flaws,”  DeGroot 
says.  He  says  those  include 
Microsoft  not  committing  to 
upgrades  as  part  of  SA,  reserving 
some  products  only  for  SA  cus¬ 
tomers  and  restricting  purchases 
of  SA  to  new  product  licenses. 
He  says  loosening  those  require¬ 
ments  could  foster  enrollment 
and  a  spike  in  unearned  revenue. 

“The  fact  is  that  SA  is  still  a  bet 
and  remains  a  problematic  pur¬ 
chase  choice  going  forward,”  he 
says.  ■ 


“1  have  serious  doubts  about  802.1  In’s  usefulness  and  effectiveness  in  a 
largely  uncontrolled,  shared,  roaming  airspace  such  as  a  college  cam¬ 
pus,”  says  John  Bucek,  executive  director  of  IT  at  Mount  Saint  Mary 
College  in  Newburgh,  N.Y The  college  has  a  campus-wide  802.11a  net- 
work.“I  would  have  to  see  some  test  results  using  802.1  In  in  a  multiple 
access-point  environment  before  I  would  buy  any  product  for  evaluation. 
All  of  the  pre-n  tests  that  I  have  seen  show  reasonable  performance  and 
range  improvements,  but  they  only  involve  one  access  point.That  may  be 
fine  for  home  or  small-business  use  but  not  for  a  campus  network.” 

Bucek  says  even  in  home  use,  the  current  crop  of  MIMO-based  prod¬ 
ucts  “appear  to  be  non-friendly  to  neighboring  802.1  lb/g  products.” 

As  it  voted  to  accept  the  draft  document,  the  1  In  Task  Group  created 
an  ad  hoc  subcommittee  to  tackle  that  problem.The  subcommittee  was 
spawned  out  of  a  contentious  battle  that  erupted  at  the  last  meeting. 

The  802.1  In  radios  will  be  able  to  run  in  20MHz  and  40MHz  channels, 
the  larger  channels  providing  more  throughput.  But  using  wider  chan¬ 
nels  in  the  2.4GHz  frequency  can  clobber  802.1  lb/g  devices, which  run 
in  20MHz  channels.The  ad  hoc  group  has  to  figure  out  whether  to  rec¬ 
ommend  one  or  several  mechanisms  to  avoid  this  problem,  and 
whether  to  make  them  mandatory  or  optional. 

Despite  enterprise  skepticism, analysts  predict  a  ready  market  for  even 
the  draft  802.1  In  products.These  will  make  up  about  15%  of  all  home 
WLAN  products  shipped  worldwide  this  year,  according  to  Dell’Oro 
Group. The  research  company  forecasts  that  by  2009  1  In  gear  will  have 
reached  90%  of  consumer  WLAN  shipments. 

Enterprise  buyers  will  be  slower  to  adopt,  Dell’Oro  says,  but  large-scale 
enterprise  deployments  will  pick  up  speed  throughout  2008  and  2009. 

“No  one  [in  the  enterprise]  should  be  delaying  purchase  of  existing 
WLAN  equipment,”  says  Craig  Mathias,  principal  with  Farpoint  Group. 
With  802.1  In  certain  to  be  compatible  with  802.1  lb/g  and  probably 
802.1  la  client  devices,  network  groups  can  phase  in  1 1  n  products  as 
part  of  their  periodic  three-  to  five-year  refreshment  of  WLAN  infra¬ 
structure,  he  says. 

The  new  standard  will  have  little  impact  on  network  design  or  infra¬ 
structure,  Mathias  predicts.  Although  802.1  In  will  reach  further  than 
today’s  WLANs,  Mathias  still  recommends  deploying  access  points 
densely  to  sustain  large  numbers  of  users, and  high  throughput. 

Planning  and  design  for  802. 1  In  deployment  requires  the  same  analy¬ 
sis  as  for  existing  WLANs,  he  says:  Clearly  identify  who  the  users  are, 
what  applications  they’re  using,  the  number  of  channels  needed  and 
whether  voice  traffic  will  be  added  in  the  future.  ■ 
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Nortel  Ethernet  Routing  Switch  5000  Series  "stacks" 
up  well  against  rivals  in  performance  tests 

Nortel  solution  forwards  nearly  1GX  more  frames  than  the  Cisco  solution  and  nearly 
twice  the  frames  of  the  HP  solution  in  an  eight-switch  stack  configuration 

AirTight  Networks'  wireless  intrusion  prevention  system  significantly 
outperforms  options  from  AirMagnet  and  Aruba  Networks 

SpectraGuard  Enterprise  wireless  IPS  detects  and  stops  100%  of  threats  launched  and  locates 
threats  with  a  high  degree  of  precision 

Nortel  Secure  Router  3120  demonstrates 
superior  DS3/T1  throughput 

Secure  Router  3120  demonstrates  wire-speed  performance  while  simultaneously  supporting  active 

QoS,  ACL  filters  and  NAT  services 

Nortel  Secure  Routers  dominate  in 
branch  office  T1  connectivity  tests 

Secure  Routers  1002  and  1004  achieve  wire- 
speed  performance  for  most  packet  sizes  tested 
while  also  supporting  active  QoS,  IPSec  VPN  and  stateful 
firewall  services  over  T1  fines 


Nfc?«TEl 


Symantec  blocks  attack  barrage,  struts  security 
performance  while  Cisco  and  NetScreen 
devices  lag  behind 


Blocks  100%  of  attacks  launched  from  two  industry-standard 
test  tools,  while  Cisco  and  Juniper  Networks  devices  tested 
straggled  with  attack  blockage 
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Tolly  Benchmarks  is  a  regular  advertising  supplement  that  highlights  innovative  and 
compelling  technology  research  conducted  by  The  Tolly  Group,  the  industry's  leading 
independent  testing  and  strategic  consulting  organization  based  in  Boca  Raton,  FL.  For 
more  information  on  any  of  the  products  or  technologies  covered  here,  visit  The  Tolly 
Group's  Web  site  at  http://www.tolly.com. 

info@tolly.com  phone  (561)  391-5610  fax  (561)  391-5810 


Nortel  Ethernet 

Routing  Switch  5000 
Series  "stacks"  up 

well  against  rivals 
in  performance  tests 


Sponsor:  Nortel 


•  Nortel  Ethernet  Routing  Switch  552048TRWR  (Running  switch  software  version  4.2U.004) 

•  Nortel  Ethernet  Routing  Switch  5530-24TFD  (Running  switch  software  version  4.2.0.004} 

•  Nortel  Ethernet  Routing  Switch  8600  (Running  switch  software  version  4.0. 1 .0} 

•  Cisco  Catalyst  3750G-48TS  (running  switch  software  version  12.2  (25}  SEB1) 

•  Cisco  Catalyst  3750G-48PS  (running  switch  software  version  12.2  (25)  SE81) 

m  •  Cisco  Catalyst  3750G  24T(,  itch  siort  %v  Sfc?>i  ,  *5 

•  Cisco  Catalyst  375QG-16TD-S  (running  switch  software  version  12.2  (25)  SEB1) 

•  Cisco  Catalyst  6500  (running  switch  software  version  12.2  (18)  SX05) 

•  HP  ProCurve  3400cl48G  (running  switch  software  version  M.08.86) 

•  HP  ProCurve  3400c1-24G  (running  switch  software  version  M.08.66} 

•  HP  ProCurve  9304M  (running  switch  software  version  07.8  00aT53) 

■  -  S§i!lu; 


Testing  window:  September  2005 


A  battery  of  performance  tests  commissioned  by 
Nortel  show  that  the  company's  Ethernet  Routing 
Switch  5000  Series  outperforms  rival  products 
from  Cisco  and  HP  to  provide  high-density  Gigabit 
Ethernet  desktop  connectivity  to  enterprise  cus¬ 
tomers'  wiring  closets. 

Tolly  Group  engineers  tested  24-  and  48-port  ver¬ 
sions  of  the  Nortel  Ethernet  Routing  Switch  5510, 
5520  and  5530  models  -  single  rack-unit  stack- 
able  Gigabit  Ethernet  (GbE)  Layer  3  routing 
switches.  Engineers  measured  the  performance 
and  resiliency  characteristics  of  the  Ethernet 
Routing  Switch  5000  series  switches  against 
Cisco  Systems,  Inc.  Catalyst  3750G  switches  and 
Hewlett-Packard  Co.  ProCurve  3400cl  switches. 


Layer  2  Stack  Resiliency  Comparison 
Impact  of  Stacked  Switch  Failures  on  Frame  Forwarding  Rate 
202  GbE  ports  in  an  8-Switch  Stack  with  64-byte  Frames  at  100%  Line-rate  Load 

as  Reported  by  Spirent  SmartFlow  4.60 
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Nortel 

Ethernet  Routing 
Switch  5000 


Cisco 

Catalyst  37S0G-48TS 


HP 

ProCurve  3400cl-48G 


Note: 

This  test  set-up  with  202  GbE  ports  was  chosen  due  to  competitive  equipment 
availability. 


Tests  show  that  the  Nortel  Switch  5510-48T  in  an 
eight-switch  stack  configuration  with  320  GbE 

•  Delivers  superior  stacking  performance 
of  up  to  640  Gbps  of  switching  capacity 
in  an  eight-unit  stack  of  Nortel  5500 
switches 

•  Achieves  line-rate  performance  of  202 
Gbps  frame-forwarding  in  an  eight-unit 
stack,  while  Cisco  and  HP  switches 
support  only  25.7  Gbps  and  114.7  Gbps 
respectively 

•  Demonstrates  36%  to  44%  less  average 
latency,  when  compared  to  Cisco  and  HP 
devices  tested 

•  Recovers  from  link  and  switch  outages 
almost  10X  faster  using  Nortel's  SMLT 
implementation  than  the  RSTP  implemen¬ 
tation  in  the  Cisco  Catalyst  and  HP 
ProCurve  solutions  tested 

•  Offers  the  lowest  cost  per  megabit  of 
throughput  among  the  switches  tested  at 
just  below  $90  versus  almost  $100  HP 

I  and  over  $300  for  Cisco 


ports  delivers  640  Gbps  of  switching  capacity  and 
320  Gbps  of  throughput. 

In  competitive  frame  forwarding  tests,  the  Nortel 
Ethernet  Routing  Switch  5000  solution  forwarded 
nearly  10X  more  frames  than  the  Cisco  solution 
tested,  and  nearly  twice  the  frames  of  the  HP 
solution  when  tested  across  202  GbE  ports  in  an 
eight-switch  stack  configuration. 

Engineers  tested  the  failover  times  of  the  Rapid 
Spanning  Tree  Protocol  (RSTP)  and  Nortel's  Split 
Multi-Link  Trunking  (SMLT)  technologies  in  the 
event  of  a  link  failure  and  a  switch  failure.  Nortel 
switches  demonstrated  the  fastest  failover  times 
during  a  link  failure  -  Nortel's  solution  using  SMLT 
failed  over  in  0.5  seconds  while  Cisco's  solution 


took  1.7  seconds  and  HP's  solution  took  3.1  sec¬ 
onds.  Nortel  also  held  a  distinct  advantage  in 
switch  failover  times. 

Regarding  ease  of  use,  Nortel's  SMLT  implementa¬ 
tion  required  fewer  number  of  CLI  commands  to 
configure  the  test  bed  compared  to  HP's  and 
Cisco’s  implementations  of  RSTP  -  a  total  of  60 
commands  to  configure  SMLT  versus  102  for  the 
HP  ProCurve  solution  and  156  for  the  Cisco 
Catalyst  solution. 

This  shows  that  Nortel's  SMLT  implementation 
requires  fewer  CLI  commands  to  configure  the 
test  bed  compared  to  HP's  and  Cisco's  implemen¬ 
tations  of  RSTP 


View  the  full  report  at: 

http://www.tolly.comfDocDetail.aspx?DocNumber=206106 


Ai  (Tight  Networks'  Wireless  Intrusion 

Prevention  System  significantly  outperforms 

options  from  AirMagnet  and  Aruba  Networks 


A  recent  white  paper  from  The  Tolly  Group  on  wireless  intrusion 
prevention  systems  shows  that  while  many  systems  promise  to 
detect  and  block  wireless  threats,  only  one  solution  tested  from 
AirTight  Networks  delivered  the  type  of  performance  and 
breadth  of  functionality  that  enterprises  need. 

The  Tolly  Group  assessed  the  capability  of  SpectraGuard 
Enterprise  to  detect  and  block  a  range  of  wireless  threats  -  from 
dealing  with  rogue  APs,  to  detection  and  prevention  of  access 
point  (AP)  MAC  address  spoofing,  to  detection  and  prevention  of 
Denial  of  Service  (DoS)  attacks,  and  several  others. 

Tolly  Group  engineers  measured  the  effectiveness  of  SpectraGuard 
Enterprise  against  two  other  products:  AirMagnet  inc.'s  AirMagnet 
Enterprise  and  Aruba  Networks  Aruba  Mobility  Controller.  AirTight 
Networks  commissioned  The  Tolly  Group  to  evaluate  all  three  prod¬ 
ucts;  the  results  are  documented  in  a  comprehensive  white  paper 
titled:  "Evaluating  Wireless  Intrusion  Prevention  Systems." 


Efficiency  of  Wireless  Intrusion  Prevention  Systems 
at  Detecting  and  Preventing  Threats 
with  Minimal  False  Alarms 


AirTight  AirMagnet  Aruba  Mobility 

SpectraGuard  Enterprise  Controller 

Enterprise 

Products  tested 


In  the  test,  24  different  wireless  threats  (or  groups  of  threats) 
were  thrown  at  all  three  systems.  The  results  show  that  AirTight's 
SpectraGuard  Enterprise  detected  all  24  threat  scenarios  launched  against 
the  networks,  blocked  unauthorized  traffic  and  prevented  threats  from  inflict¬ 
ing  network  damage  in  all  24  scenarios.  Competing  devices  were  not  nearly 
as  effective,  detecting  about  30%  fewer  threats,  and  preventing  only  about 
half  of  the  threats  from  operating  in  the  network. 


•  AirMagnet  Enterprise  could  not  stop  two  laptops  from  forming  an 
ad-hoc  network 

•  Only  AirTight  Networks'  SpectraGuard  Enterprise  product  allows  an 
enterprise  to  define  different  WiFi  security  policies  for  different  VLANs 
-  enabling  an  enterprise  to  have  guest  WiFi  access  in  one  portion  of  a 
building,  but  a  "no  WiFi  policy"  in  another  section. 


Some  of  the  interesting  data  results  include: 

•  Neither  Aruba  MobilityController  nor  AirMagnet  Enterprise  could  stop  a 
wireless  DoS  attack 

•  Aruba  Mobility  Controller  could  not  prevent  laptops  from  logging  onto 
external  networks 


Tests  prove  that  only  SpectraGuard  Enterprise  delivered 
three  basic  sets  of  functionality: 

•  Detecting  and  automatically  classifying  wireless  threats; 

•  Preventing  multiple  simultaneous  wireless  threats  while  continuing  to 
scan  for  new  threats;  and, 
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Nortel  Secure  Router  3120 

demonstrates  superior 

DS3/T1  throughput 


•  Secure  Router  3120  demonstrates  wire- 
speed  performance  while  simultaneous¬ 
ly  supporting  active  Quality  of  Service 
(QoS),  Access  Control  List  (ACL)  filters 
and  Network  Address  Translation  (NAT) 
services 

•  Delivers  more  than  double  the  through¬ 
put  of  the  Cisco  3825  and  as  much  as 
four  times  the  throughput  of  the  Cisco 
2821  when  tested  over  a  point-to-point 
DS3  link 

•  Outperforms  Cisco  2821  routers,  delivering 
more  than  4X  the  throughput  when  tested 
across  a  group  of  eight  point-to-point  T1 
connections 


Nortel  Secure  Router  3120  versus  Cisco  2821/Cisco  3825 

Full-Duplex,  1xDS3  PPP  WAN  Throughput 
Zero-Loss  Performance  with  QoS/ACL/NAT  Enabled 


Wide-area  network  routers  that  aggregate  traffic  M 

from  many  remote  sites,  especially  across  DS3  or 

multiple  T1/E1  links,  must  be  able  to  deliver  high 

throughput,  even  with  Quality  of  Service  (QoS),  Network  Address 

Translation  (NAT),  and  security  services  active  and  vying  for 

processor  cycles. 


128  256  512 

File  size  (Bytes) 

Testing  demonstrates  that  the  Nortel  Secure  Router  3120  possesses 
an  enormous  amount  of  processing  headroom  to  accommodate  net¬ 
work  services  while  simultaneously  offering  wire-speed  throughput. 


In  a  series  of  tests  commissioned  by  Nortel,  Tolly  Group  engineers 
measured  the  multilink  Point-to-Point  Protocol 
(PPP)  zero-loss  throughput  of 
the  modular  Nortel  Secure 
Router  3120  with  QoS,  NAT 
and  Access  Control  List  (ACL) 
features  enabled. 

Tests  show  that  the  Nortel  Secure  Router  3120  delivers  superior 
throughput  for  the  majority  of  packet  sizes  tested,  especially  with 
regards  to  smaller  packet  sizes  (64  bytes  to  256  bytes),  generally  deliv¬ 
ering  from  2X  to  4X  greater  throughput  than  the  Cisco  Systems  3825 
Integrated  Services  Router  and  2821  Integrated  Services  Router  tested. 


In  addition  to  delivering  wire-speed  packet  processing,  tests  show  that 
the  Secure  Router  3120  has  the  horsepower  to  simultaneously  handle 

QoS,  ACL  and  NAT  processing.  In 
head-to-head  testing,  the  Secure 
Router  3120  demonstrates  more 
than  double  the  throughput  of  the 
Cisco  3825  and  as  much  as  four  times  the 
throughput  of  the  Cisco  2821  over  a  DS3  link.  In  a  multiple  T1  sce¬ 
nario,  the  Secure  Router  3120  achieves  4X  more  throughput  than  the 


Cisco  2821. 

View  the  full  test  summary  at: 

http://www.tolly.com/Doc0etail.aspx7DocNumber  -  2051 46 


Document  number:  205146 


Products  under  test: 

•  Nortel  Secure  Router  3120  OS  Ver  9.0/BootROM  Ver.  T1002  09120 

•  Cisco  Systems  3825  Integrated  Services  Router  OS  Ver. 
12.4.2T1/BootR0M  Ver.  12.3(11r)T 
Cisco  Systems  2821  Integrated  Services  Router  OS  Ver. 

1 2.4.2T  1  /BootROM  Ver.  12.3(8r)T7 

For  more  info  on  this  test,  visit:  http://www.nortel.com 
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Nortel  Secure  Routers 

dominate  in  branch 

office  T1 

connectivity 

tests 


NORTEL  SR  1004  $  | 


Nortel  commissioned  The  Tolly  Group  to  eval¬ 
uate  the  Nortel  Secure  Router  1004  and 
Secure  Router  1002  wide-area  network 
routers  with  integrated  network  services  such 
as  Quality  of  Service  (QoS),  IPSec  VPN  with 
on-board  hardware  acceleration,  stateful  fire¬ 
wall,  Network  Address  Translation  (NAT)  and 
Access  Control  Lists  (ACLs)  for  enterprises 
and  service  providers. 

Tolly  Group  engineers  measured  the  multilink 
Point-to-Point  Protocol  (MLPPP)  zero-loss 
throughput  of  the  Secure  Router  1004  against 
Cisco  2811  and  Cisco  2821  routers,  with  QoS, 
NAT  and  ACL  features  enabled  in  a  scenario 
with  multilink  PPP  traffic  riding  over  four  TIs. 

Tests  show  that  the  Secure  Routers  1004/1002 
can  deliver  wire-speed  throughput  at  most  pack- 


•  Secure  Router  1004  operated  at  or  near 
wire-speed  throughput  and  outperformed 
Cisco  2811  and  2821  routers,  delivering  6X 
and  2X  more  throughput  respectively,  while 
simultaneously  supporting  active  QoS,  ACL 
filters  and  NAT  over  four  T1  lines 


•  Secure  Routers  1002  and  1004  demon¬ 
strated  wire-speed  performance  for  most 
packet  sizes  tested  while  simultaneously 
supporting  active  QoS,  IPSec  VPN  and 


•  Secure  Router  1004  consistently  outper¬ 
formed  the  Cisco  2811  for  all  packet  sizes 
tested,  especially  at  smaller  packet  sizes, 
when  tested  across  four  TIs  with  QoS,  IPSec 
VPN  and  stateful  firewall  services,  delivering 
3X  more  throughput  than  its  counterpart 


•  Secure  Router  1002  achieved  wire-speed 
throughput  at  all  packet  sizes,  while  perform¬ 
ance  of  Cisco  2811  and  1841  weaken  when 
handling  84- 128-  and  256-byte  packets  test¬ 
ed  across  two  TIs  with  QoS,  IPSec  VPN  and 
stateful  firewall  services 


et  sizes  tested,  while  simultaneously  processing 
a  combination  of  QoS,  NAT,  ACL  filters,  IPSec 
VPN  and  firewall  services. 

By  contrast,  tests  show  that  the  performance 
of  the  Cisco  1841/2811/2821  routers  sag  under 
the  processing  load,  especially  when  smaller, 
more  taxing  packet  sizes  come  into  play. 


Test  results  show  that  the  Secure  Routers  1004 
and  1002  deliver  superior  throughput  for  the 
majority  of  packet  sizes  tested,  especially  with 
regards  to  smaller  packet  sizes  (64  bytes  to  256 
bytes),  delivering  up  to  6.4X  greater  throughput 
than  the  Cisco  devices  tested. 

In  a  scenario  with  the  WAN  routers  supporting 
multilink  PPP  traffic  across  four  TIs,  the  Nortel 
Secure  Router  1004  delivered  zero-loss  aggre¬ 
gate  throughput  ranging  from  3.9  Mbps  at  64- 
byte  frames  to  6.2  Mbps  when  tested  at  51 2- 
byte  frames  with  QoS/VPN  and  firewall  services 
enabled.  By  contrast,  the  Cisco  2811  achieved 
throughput  ranging  from  1.1  Mbps  to  4.1  Mbps. 

In  a  scenario  with  WAN  routers  supporting  mul¬ 
tilink  PPP  traffic  across  two  TIs,  the  Nortel 
Secure  Router  1004  delivered  3.1  Mbps  across 
the  range  of  packet  sizes  tested.  By  contrast, 
the  Cisco  2811  and  Cisco  1841  routers  tested 
achieved  an  average  of  2  Mbps  and  1 .25  Mbps, 
respectively. 
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Products  under  test: 
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•  Nortel  Secure  Router  1004  OS  Ver  8.2.1/  BootROM  Ver.  T 1  k031 605 

•  Nortel  Secure  Router  1002  OS  Ver  8.2.1/  BootROM  Ver.  T1k031605 

•  Cisco  1841  Integrated  Services  Router  OS  Ver.  12.4.2T1/  BootROM  Ver.  12.3(8r)T8 

•  Cisco  2811  Integrated  Services  Router  OS  Ver.  12.4.2T1/  BootROM  Ver.  12.3(8r)T7 

•  Cisco  2821  Integrated  Services  Router  OS  Ver.  12.4.2T1/  BootROM  Ver.  12.3(8r)T7 


test,  v 


4XT1  Multilink  PPP  (MLPPP)  Aggregate  WAN 
Layer  3  Throughput  Zero-Loss  Performance  » Nortei  secure 
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For  more  info  on  this  test,  visit: 
http://www.tolly.com/DocDetail.aspx7DocNumber”  2051 43 
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The  rapid  evolution  of  network  technology  is  chal¬ 
lenging  network  managers  to  venture  into  uncharted  waters 
at  a  time  when  money  and  resources  are  stretched  tight. 

Let  The  Tolly  Group  collaborate  with  your  team  to  lever¬ 
age  existing  and  emerging  technologies  for  maximum 
return  on  investment. 

The  Tolly  Group  is  the  industry's  premiere  performance 
testing  and  hands-on  consulting  services  organization 
with  17+  years  of  experience  with  emerging  technologies. 
Tolly  Group  executives  maintain  relationships  with  key 
executive  management,  CTOs,  engineers,  and  system 
architects  of  many  vendors. 

Our  knowledge  of  equipment,  software  and  tools,  will 
reduce  your  learning  curve  and  speed  deployment  of  new 
technology. 

Tolly  Group  executives  have  originated  from  the  user 
ranks,  like  you,  and  over  the  years  gained  the  experience 
to  understand  your  issues.  The  Tolly  Group  is  100%  inde¬ 
pendent  and  guards  its  objectivity  and  neutrality  carefully. 
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TOLLY 

FAIR  TESTING 
♦CHARTER* 


End-user  services  include: 

•  Wireless  LAN  performance/intrusion 

•  VolP/Video/Data  convergence 

•  Security  -  Intrusion 

•  Storage  -  Fibre  Channel,  iSCSI,  etc 

•  Messaging 

•  LAN  switching 

Contact  The  Tolly  Group  TODAY.  You've  got  everything 
to  gain. 

Visit  www.tolly.com 


Contact  Joe  Lombardo  at: 

Phone:  (561)  391-5610  ext.  196 
E-mail:  Joe.Lombardo@tolly.com 


Symantec  blocks  attack  barrage, 
struts  security  performance  while  Cisco 

and  NetScreen  devices  lag  behind 


Percentage  of  Attacks  Blocked  by  Symantec  Gateway  Security  Ver.  3.0 
versus  Cisco  Adaptive  Security  Appliance  5520 
and  Juniper  NetScreen-500 
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Core  Impact  5.0 
(32  attacks  tested) 


Nessus  Open  Source  Vulnerability 
Scanner  2.2.4 
(56  attacks  tested) 

Test  tool  and  number  of  attacks  tested 


•  Symantec  Gateway  yp  Cisco  Adaptive  y|  Cisco  Adaptive 
Security  Ver.  3.0  K:  Security  Appliance  w  Security  Applia 


5520 

In  today's  market  for  multifunction  security 
gateways,  it  is  important  to  look  beyond  raw 
throughput  capabilities  to  understand  the 
broader  device  security  provided  by  attack 
detection  and  blockage,  anti-virus  capabilities, 
intrusion  prevention  capabilities,  connections 
per-second  supported  and  other  embedded 
security  functions. 


•  Blocks  100%  of  the  attacks  launched 
from  two  industry-standard  test  tools, 
while  the  Cisco  and  Juniper 
Networks  devices  tested  struggled 
with  attack  blockage 

•  Delivers  almost  3X  the  firewall 
throughput  compared  to  the  Juniper 
device  tested,  even  while  processing 
50  rules 

•  Provides  users  with  greater  manage¬ 
ment  information  through  the 
Security  Gateway  Management 
Interface  (SGMI)  than  available  to 
users  from  t  e  Cisco  or  Juniper 
devices 


Sponsor:  Symantec  Corp.  \ _ 

Document  number:  206108 
Product  class: 

Unified  threat  management  appliance 
Products  under  test: 

•  Symantec  Gateway  Security, 

Version  3.0,  HW  Model:  5660 

•  Cisco  Systems,  Inc.  Adaptive 
Security  Appliance  5520  ver  7.0(1), 
Device  Manager  Version  5.0(1) 

•  Juniper  Networks,  Inc.  NetScreen-500 
ver.  5.2.0  r2.0 

Testing  window: 

September  through  November  2005 

For  more  info  on  this  test  visit 
http://www.syiTiantec.com 


uwvu  nua|niv& 

Security  Appliance 
5520 

Symantec  Corp.'s  Symantec  Gateway 
Security  (SGS)  Version  3.0  software  blocked 
100%  of  a  battery  of  attacks  launched,  while 
competing  devices  from  Cisco  Systems  and 
NetScreen  blocked  only  a  subset  of  the  attacks 
in  each  scenario,  in  tests  commissioned  by 
Symantec. 

Test  results  provided  in  this  report  identify  over 
200  single  and  blended  threat  attacks/vulnera¬ 
bilities  that  the  Symantec  gateway  blocked 
while  Juniper  and  Cisco  gateways  faltered  in 
fully  protecting  against  all  of  the  attacks. 

From  a  firewall  throughput  perspective,  the 
Symantec  Gateway  Security  5660  delivered 
about  three  times  more  throughput  than  other 
devices  tested,  even  while  processing  50  secu¬ 
rity  rules.  The  Symantec  Gateway  Security 
5660  achieved  the  highest  throughput  2.1 
Gbps  for  1,518-byte  packets  versus  725 


Mbps  for  the  Juniper  NetScreen-500  for 
1,518-byte  packets. 

Tests  also  show  the  Symantec  Gateway 
Security  5660  achieves  three  times  the  con¬ 
nection  rate  than  the  Juniper  NetScreen-500 
tested  and  delivers  a  more  detailed  graphical 
user  interface. 

Symantec's  Security  Gateway  Management 
Interface  (SGMI)  presented  all  of  the 
critical  functionalities  of  the  device  in  logical 
groups  and  was  extremely  informative.  The 
SGMI  offered  explanations  of  each  major  sub¬ 
category  with  links  to  help  pages  with  even 
more  detailed  information.  This  is  in  contrast 
to  the  user  interfaces  of  the  Cisco  and 
Juniper  devices  tested,  which  do  not  provide 
as  much  readily  accessible  information  about 
various  configuration,  monitoring  and  mainte¬ 
nance  options  available  on  each  device. 

View  the  full  Test  Summary  at: 
http://www.tolly.com/DocDetail. 
aspx?DocNumber=206108 
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Google 

continued  from  page  1 

Google-watchers  are  speculating  the  com¬ 
pany  wants  to  leverage  its  vast  knowledge 
of  user  surfing  habits  with  its  fiber  back¬ 
bone  to  become  an  ISP  that  can  offer  a 
faster  Internet  experience  than  the  tradi¬ 
tional  players.  After  all,  if  you  were  a  com¬ 
pany  doing  e-commerce,  wouldn’t  you 
want  your  site  hosted  by  or  running  over, 
the  fastest  network? 

But  others  doubt  Google  would  want  to 
barge  into  the  already  mature  and  less  than 
lucrative  ISP  or  Web-hosting  markets. 

Still,  Google’s  deep  pockets,  Internet 
expertise  and  newly  acquired  fiber  play 
into  other,  more  interesting  scenarios, 
which  may  change  the  way  we  use  the 
Internet. 

Perhaps  Google  is  lining  itself  up  to 
become  a  major  player  in  the  premium 
content-delivery  game,  as  attested  to  by  its 
recent  unveiling  of  Google  Video  and 
Google  Web  Accelerator. 

Or  maybe  its  investment  in  the  peer-to- 
peer  Wi-Fi  company  FON,  plus  its  bid  to 
provide  municipal  Wi-Fi  in  San  Francisco, 
means  it’s  toying  with  the  idea  of  becom¬ 
ing  a  wireless  ISPStrategicallythis  would  be 
a  defensive  maneuver  to  prevent  cable 
companies  and  RBOCs  from  monopoliz¬ 
ing  Web  access. 

Or  it  could  be  sticking  to  its  current  busi¬ 
ness  model  whereby  more  consumers  on 
the  Internet  translates  into  more  ad  dol¬ 
lars  for  Google.  If  so,  its  goal  is  to  ensure 
free  (or  nearly  free)  access  to  the  entire 
realm  of  Web  content,  leaving  expensive, 
premium  access  to  the  Verizons  and 
Comcasts  of  the  world. 

First  the  facts 

Google  has  leased  an  estimated  311,000 
square  feet  of  space  at  1 1 1  Eighth  Ave.,one 
of  the  largest  carrier  hotels  in  Manhattan, 
according  to  published  reports. 

The  company  also  confirms  it  is  buying 
up  dark  fiber,  hiring  network  experts  and 
making  other  net-centric  investments,  but  it 
says  it  is  only  trying  to  build  out  its  own 
internal  infrastructure. 

“We  don’t  have  any  plans  to  announce 
about  becoming  an  ISP”  says  Google 
spokesman  Nathan  Tyler,  via  email.  “We 
often  do  get  questions  about  dark  fiber  to 
which  we  respond  with:  Google  is  one  of 
the  larger  sites  on  the  Internet,  and  our 
operation  requires  a  significant  network 
component.lt  is  common  in  the  industry  to 
use  a  combination  of  different  products  — 
such  as  fiber,  leased  lines  and  ISP  band¬ 
width  —  to  implement  networks  and  thus  it 
should  not  come  as  a  surprise  that  we  have 
been  looking  into  these  areas.” 

The  experts  agree  that  Google  could  be 
using  the  flurry  of  fiber  and  network  acqui¬ 
sitions  to  support  its  own  business. 

“Google  is  a  huge  company,  and  it’s  get¬ 
ting  bigger?  says  Jeff  Kagan,  an  indepen- 


What’s  going  on  at  Google? 

The  company  is  keeping  plans  to 
expand  beyond  search  close  to  the 
vest,  but  here's  what  we  do  know  it 
has  done: 

•  Leased  an  estimated  311,000  square  feet  of 
space  at  a  large  carrier  hotel  in  Manhattan. 

•  Been  shopping  for  dark  fiber  across  the 
country  and  has  posted  job  openings  for 
people  with  expertise  in  negotiating  such  deals. 

•  Invested  in  peer-to-peer  Wi-Fi  company  FON. 

•  Bid  to  build  a  municipal  Wi-Fi  system  in  San 
Francisco. 


dent  telecom  analyst.  “It  has  its  own  net¬ 
works  that  are  linking  its  operations  cen¬ 
ters  all  over  the  place,  across  cities,  from 
coast  to  coast.  The  dark  fiber  could  be  a 
way  of  delivering  increased  services  to  cus¬ 
tomers,  but  it  could  also  just  be  for  their 
own  internal  operations.” 

Like  any  big  company,  Google’s  invest¬ 
ment  in  its  own  private  network  makes  eco¬ 
nomic  sense. 

“It’s  obviously  trying  to  reduce  its  own 
dependence  on  the  ISPs  for  its  own  internal 
purposes  at  least,”  says  Fred  Goldstein,  prin¬ 
cipal  at  Ionary  Consulting.  “They’ve  built 
their  own  backbone  network.  They  bought 
the  fiber,  and  this  way  they  become  much 
more  self-contained  and  self-reliant.” 

But  if  that’s  the  sole  reason,  why  the 
concentration  in  major  metropolitan 
areas?  And  why  all  the  investment  in  wire¬ 
less?  How  do  these  initiatives  play  into 
Google’s  stance  on  network  neutrality  and 
its  relationship  to  the  RBOCs  and  the 
cable  companies?  Google  declined  to 
respond  to  these  queries,  but  here’s  what 
the  experts  think. 

Google,  the  premium  content  provider 

One  theory,  proffered  by  Thomas  Nolle, 
president  of  CIMI,  a  telecom  consultancy  is 
that  Google  is  building  out  its  own  parallel 
Internet,  something  he  terms  “FbrtalNet.” 
The  idea  is  that  the  advertising  business  is 
bound  to  level  off  eventually  and  Google, 
seeing  the  writing  on  the  wall,  is  gearing  up 
to  enter  the  more  lucrative  business  of  pre¬ 
mium  content  delivery 

(In  fact,  Google’s  stock  went  into  a  brief 
tailspin  last  month  when  the  company 
announced  that  growth  in  advertising  rev¬ 
enue  —  which  accounts  for  97%  of  Google 
revenue  —  is  slowing  down.) 

Or,  as  Google  CFO  George  Reyes  put  it 
recently,  the  company  needs  to  find  “new 
ways  to  monetize  the  business.” 

The  key  to  making  money  selling  content, 
however,  is  ensuring  premium  delivery  And 
that’s  where  the  dark  fiber  comes  in. 

“FbrtalNet  is  a  fiber-based  network  that 
essentially  parallels  the  Internet  and  deliv¬ 
ers  Google  content  directly  to  the  edge  of 


the  access  network,  bypassing  all  of  the 
Internet  peering  arrangements,”  Nolle  says. 
“So  Google  can  create  a  premium  infra¬ 
structure  that  can  deliver  videos  to  the 
access  edge  better  than  the  Internet  can, 
which  means  that  Google  then  is  prefer- 
enced  in  the  content  battle.” 

Nolle  says  Google’s  forays  into  wireless 
are  designed  to  keep  the  idea  of  alternative 
access  alive  in  the  hearts  and  minds  of  con¬ 
sumers.  “Google  and  Skype  are  trying  to 
raise  the  profile  of  alternative  access,”  he 
says.This  way  they  can  dangle  the  threat  of 
bypass  over  the  access  providers’  heads 
and  probably  reduce  the  likelihood  that 
access  providers  will  upgrade  their  infra¬ 
structures  and  become  strong  competitors. 

Nolle  discounts  the  idea  that  wireless  is  a 
legitimate  alternative  to  cable  and  DSL  for 
delivering  premium  content.“If  you’ve  ever 
used  a  wireless  LAN  in  a  hotel,  for  exam¬ 
ple,  you  know  darn  well  that  you  could 
never  make  content  work  over  that.”  Even 
WiMAX  won’t  be  adequate,  he  says.  “It’s  a 
shared  facility,  and  shared  facilities  don’t 
do  well  with  high-QoS  applications.  If  1  had 
10  people  doing  [high-definition  televi¬ 
sion]  delivery,  I’d  blow  a  50Mbps  network.” 

Google,  the  white  knight  WISP 

Others  beg  to  differ.  Goldstein  sees  wire¬ 
less  as  a  viable  option  for  Google  in  its 
battle  to  ensure  non-commercial  com¬ 
mon  access  to  Internet  content.  “Google 
recognizes  that  as  a  search  engine,  the 
value  of  their  search  is  really  capped 


BY  JENNIFER  MEARS 

Red  Hat  last  week  laid  out  its  strategy  to 
make  it  easier  for  customers  to  run  and 
manage  their  workloads  in  a  virtualized 
Linux  environment. 

Red  Hat  executives  say  they  are  working 
to  provide  a  single,  integrated  Linux  plat¬ 
form  supporting  virtualization.  The  com¬ 
pany  also  announced  an  online  resource 
center  to  help  customers  prepare  for  virtu¬ 
alized  environments. 

A  preview  of  Red  Hat’s  upcoming  tech¬ 
nologies,  which  includes  the  integration  of 
open  source  Xen  virtualization  software, 
will  be  available  this  month  in  Red  Hat’s 
community-driven  Fedora  project,  when 
the  Fedora  5  core  is  released. 

Red  Hat  expects  to  make  those  inte¬ 
grated  virtualization  technologies  avail¬ 
able  this  summer  in  a  beta  release  of  Red 
Hat  Enterprise  Linux  5,  and  at  the  same 
time  deliver  a  set  of  migration,  assess¬ 
ment  and  planning  services  for  virtual¬ 
ized  environments. 

The  general  release  of  Red  Hat  Enter- 


by  accessibility  to  everything  being 
searched,”  Goldstein  says. 

He  says  the  call  by  the  RBOCs  and  cable 
providers  to  charge  certain  service  pro¬ 
viders  like  Google  more  for  delivering  their 
“premium”  services  creates  a  “walled  gar¬ 
den”  version  of  the  Internet.The  RBOCs  and 
cable  companies  might  offer  high-quality 
service  but  would  offer  access  only  to  the 
specific  sites  that  agree  to  pay  extra. 

“You  don’t  need  much  of  a  search  in  a 
walled  garden,  so  the  whole  raison  d’etre 
behind  the  core  of  Googles  business  is 
seriously  jeopardized  by  this  sort  of 
approach,”  he  says. 

As  a  defensive  measure,  then,  Google 
might  set  out  to  build  a  nationwide  wireless 
access  network,  in  direct  competition  with 
the  RBOCs  and  cable  companies.  High- 
quality  service  is  possible  with  WiMAX, 
Goldstein  says,  but  only  if  licensed  spec¬ 
trum  is  available  to  ensure  it.  And  that’s 
something  that  will  become  available  in 
June,  when  the  government  auctions  off  its 
Advanced  Wireless  Services  band  (1.7GHz 
to  2.1GHz)  and  offers  it  to  civilian  use. 

“What  if  Google  decided  to  go  to  this  auc¬ 
tion  and  pick  up  10MHz  of  spectrum  every¬ 
where,”  Goldstein  says.  “They  could  proba¬ 
bly  get  a  10MHz  nationwide  license  on  the 
order  of  $2  billion  or  $3  billion.  There  are 
not  a  lot  of  companies  who  can  just  shell 
out  that  kind  of  money  and  hand  it  to  the 
government,  but  Google  could.” 

He  says  Google  could  then  franchise  the 
See  Google,  page  18 


prise  Linux  5,  which  will  include  fully  in¬ 
tegrated  virtualization  capabilities,  is 
expected  by  year-end. 

“Rather  than  put  out  a  path  and  create  a 
specific  virtualization  stack, we’re  taking  the 
virtualization  capability  and  technology 
and  integrating  it  into  what  you  know  as  the 
enterprise  Linux  platform  today’  says  Red 
Hat  CTO  Brian  Stevens. 

Virtualization  is  gaining  wider  adoption 
in  data  centers  as  IT  managers  look  for 
ways  to  get  more  out  of  hardware 
resources,  analysts  say. The  idea  of  separat¬ 
ing  software  and  services  from  underlying 
hardware  has  long  been  used  on  main¬ 
frames  and  high-end  Unix  systems,  but 
companies,  such  as  market  leader 
VMware,  are  making  virtualization  possi¬ 
ble  on  x86  systems. 

Red  Hat  says  virtualization  is  a  key  focus 
moving  forward.  Novell  also  is  focusing  on 
virtualization  and  plans  native  support  for 
Xen  virtualization  technology  in  the  next 
release  of  SuSE  Linux  Enterprise  Server, 
slated  for  May  ■ 


Red  Hat  lays  out  plans 
for  virtualization 
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Microsoft  focusing  on  small  business 


BY  JOHN  FONTANA 

During  Microsoft’s  first  summit 
for  its  small-business  customers 
last  week,  the  company  showed 
off  the  forthcoming  upgrade  to 
its  Small  Business  Server  2003 
that  includes  new  health  and 
maintenance  tools. 

This  summer  Microsoft  plans  to 
ship  Small  Business  Server  (SBS) 
2003  Release  2,  which  includes 
incremental  upgrades  to  the  8- 
year-old  platform. 

The  new  SBS  2003  release  is  a 
bundle  of  Microsoft  servers,  desk¬ 
top  applications  and  design 
tools.  The  Standard  Edition, 
which  is  priced  at  $599,  includes 
Windows  Server  2003,  Exchange 
Server  2003  and  Outlook  2003, 
along  with  five  client  access 
licenses.  The  Premium  Edition, 
which  is  priced  at  $1,500,  adds 


SQL  Server  2005,  Internet 
Security  and  Acceleration  Server 
2004  and  FrontPage  2003. 

With  Release  2,  Microsoft  is 
adding  Green  Check,  a  feature  on 
the  GUI  console  that  checks  the 
server  and  all  connected  desk¬ 
tops.  A  green  check  mark  shows 
users  that  patches  and  other  soft¬ 
ware  are  up-to-date.  A  yellow 
check  mark  indicates  patches 
and  updates  are  needed  and  the 
server  provides  pointers  to  those 
resources.  The  Green  Check  fea¬ 
ture  also  provides  users  with  a 
daily  e-mail  updating  the  status 
of  the  server. 

“If  you  see  the  green  check  you 
know  that  everything  is  good, ’’says 
Steven  VanRoekel,  senior  director 
of  Microsoft’s  Windows  Server 
Solutions  team. 

In  addition,  Microsoft  is  increas¬ 


ing  the  mailbox  limits  on  Release 
2  from  16GB  to  75GB.  Microsoft 
also  will  update  the  database 
component  by  replacing  the  cur¬ 
rent  SQL  Server  2000  Standard 
Edition  with  SQL  Server  2005 
Workgroup  Edition. 

“This  is  a  minor  upgrade  that 
gets  users  on  to  SQL  Server  2005,” 
says  Peter  Pawlak,  an  analyst  with 
research  firm  Directions  on 
Microsoft:  “The  next  [upgrade]  is 
the  big  one,  and  that  will  be  pretty 
important.”  Pawlak  says  word  is 
that  the  platform  will  be  64-bit 
only  “There  will  be  some  interest¬ 
ing  questions  around  how  cus¬ 
tomers  get  from  here  to  there. 
Microsoft  is  coming  up  with  some 
new  tools  to  help  users  make  that 
transition,”  he  says. 

Release  2  is  expected  to  be  fol¬ 
lowed  next  year  by  another 


release  code-named  Cougar, 
which  will  make  Longhorn 
Server  the  foundation  of  SBS  and 
more  tightly  integrate  it  with 
Office  2007  and  the  Vista  client 
operating  system. 

To  help  customers  upgrading  to 
Release  2,  the  company  says 
Microsoft  Financing  will  lower  its 
minimum  transaction  deal  from 
$10,000  to  $3,000  and  offer  a  36- 
month  loan  option  and  a  90day 
deferred  payment  promotion. 

Microsoft  has  yet  to  set  pricing 
on  Release  2,  but  users  with 
Software  Assurance  mainte¬ 
nance  will  get  the  update  as  part 
of  their  contracts. 

The  Microsoft  Small  Business 
Summit  attracted  500  users  to  a 
live  event  last  week,  according  to 
Microsoft,  and  another  10,000  to  a 
series  of  Webcasts.  ■ 


Google 

continued  from  page  17 

spectrum  to  smaller  wireless  ISPs,  which 
pledge  to  meet  Google’s  standards,  and  link 
everything  up  with  its  new  fiber  backbone  — 
resulting  in  a  nationwide  access  network. The 
kicker  is  that  Google  doesn’t  need  to  make 
money  on  the  endeavor. “The  point  of  doing  it, 
as  a  business  proposition,  is  it’s  not  there  to 
make  a  lot  of  money  It’s  there  to  keep  the  big 
boys  honest,”  he  says. 

Google,  the  free  Web 

Others  say  wireless  networks,  especially  the 
metropolitan  networks,  do  indeed  come  into 
play  and  that  Google  is  leveraging  —  not  aban¬ 
doning  —  its  ad-based  business  model. 

“Once  you  get  involved  in  the  ad-based  busi¬ 
ness  model,  you  see  that  the  mathematics  are 
just  unbelievable  from  a  revenue  and  a  prof¬ 
itability  standpoint,”  says  Frank  Dzubeck,  presi¬ 
dent  of  Communication  Network  Architects. 
He  notes  that  with  countries  around  the  world 
such  as  Korea,  Germany,  Japan  and  China 
beginning  to  embrace  the  ad  model, that  math 
won’t  change  anytime  soon.  “That’s  why 
Google  is  growing  like  crazy’ 

The  issue  for  Google  is  to  provide  as  many 
people  as  possible  with  access,  even  free 
access,  to  the  Internet  because  that’s  how  it 
gets  paid  —  a  notion  that  is  in  direct  oppo¬ 
sition  to  the  business  model  of  the  RBOCs 
and  cable  companies,  which  make  money 
on  access  fees. 

Dzubeck  says  what’s  behind  Google’s  dark 
fiber  and  network  purchases  is  this  idea  of 
metropolitan  wireless  networks. 

“The  expenditures  that  are  required  to  build 
a  wireless  Wi-Fi  or  WiMAX  network  for  a  met¬ 
ropolitan  structure  are  a  lot  less  than  they  are 
required  to  build  a  wireline  base,”  Dzubeck 


says.  “When  AT&T  did  their  WiMAX  tests  and 
trials  in  Manhattan,  the  deployment  was  unbe¬ 
lievably  simple.  All  they  did  was  put  [the 
radios]  on  top  of  the  tall  buildings  and  then 
drop  the  fiber  right  down  to  the  fiber  nodes 
they  had.  It  was  beautiful.” 

While  Nolle  questions  whether  metropolitan 
wireless  can  offer  enough  bandwidth  for 
advanced  services,  Dzubeck  maintains  that 
“the  service  is  comparable.”  And  the  number 
of  base  stations  and  radios  necessary  are  far 
less  than  most  people  think,  Dzubeck  says. 
“Intel  says  you  only  need  eight  base  stations 
for  San  Francisco,  which  has  a  population  of 
about  800,000.  So  that’s  100,000  people  per 
base  station,”  he  says. 

The  dark  fiber  comes  into  play  to  connect 
the  nodes  cross-country.  He  notes  that 
Google  won’t  necessarily  need  to  build  these 
metropolitan  networks  itself,  but  instead, 
municipalities  will  or  other  Internet  power¬ 
houses  such  as  Yahoo,  Microsoft  and  eBay 
will  step  up  to  the  plate  to  fund  them. These 
next-generation  companies  all  make  more 
money  when  more  consumers  access  their 
services,  so  in  the  end,  it  will  be  seen  as  just 
a  cost  of  sales,  he  says. 

Once  these  metropolitan  networks  are  in 
place, sometime  around  2008,  they  will  change 
the  economic  structure  of  the  Internet,  he  says. 
“If  a  metro  net  goes  in  and  you’re  able  to  get 
reasonable  access,  let’s  say  2Mbps,  why  would 
you  pay  for  DSL  or  a  cable  connection  to  your 
house?”  Dzubeck  says. 

In  the  end,  the  Internet  will  be  available 
for  free  (on  the  ad  model),  just  as  network 
television  used  to  be  free,  in  the  good  old 
pre-pay  TV  days. 

Google  and  the  other  next-generation 
companies  figure  they  will  take  the  far 
larger  free  market,  which  might  not  provide 
the  most  premium,  optimum  service,  and 


leave  the  smaller  high-quality  marketplace 
to  the  RBOCs  and  cable  companies. 

“When  you  want  to  pay  for  quality  you’ll  end 
up  doing  it,”  he  says.  “You  want  content  deliv¬ 
ered  to  your  home  theater?  Fine,  you  get  it 
delivered  by  the  RBOCs.  But  if  you  just  want 
something  down-and-dirty  in  a  train  or  in  a 
car,  to  have  the  kids  look  at  something  in  the 
back  seat, you’ll  take  it  free  off  the  ’Net.  Google 
still  makes  out  there,  because  they  have  the 
search  engine  for  all  those  videos.” 

And  once  people  can  connect  to  the 
Internet  wirelessly  and  for  free  in  any  major 
metropolitan  area  across  the  country,  the 
revenue-generating  possibilities  of  a  com¬ 
pany  such  as  Google  explode.  This  is  what’s 
behind  the  company’s  new  initiatives  such 
as  Google  Mobile,  Google  Local  and  Google 
Earth,  he  says. 

But  what  are  they  doing  really? 

Of  course,  people  can  speculate  all  they 
want,  but  no  one  knows  for  sure  what  Google’s 
vision  is.  The  one  sure  thing  is  that  whatever 
Google  decides  to  do,  it  has  the  money  and  the 
clout  to  make  a  big  splash. 

“Google  is  really  important,  because  we 
have  to  assume  that  for  all  the  debate  on  net 
neutrality,  we’re  not  going  to  see  any  mean¬ 
ingful  change  of  public  policy?’  Nolle  says.“So 
this  issue  of  the  balance  of  power  between 
the  access  carriers  and  the  Internet  commu¬ 
nity  will  get  resolved  in  the  commercial  mar¬ 
ketplace,  and  in  that  marketplace  Google  is 
the  900-pound  gorilla.  What  everybody  else 
thinks  almost  doesn’t  matter. What  everybody 
else  does  almost  doesn’t  matter.  It’s  what 
Google  does.” 

Cummings  is  a  freelance  writer  in 
Massachusetts.  She  can  be  reached  at  jocum- 
mings@comcast.  net. 
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Take  cost  out  of  your  business  and  increase  productivity. 


No  matter  where  you  do  business. 


The  Brother  Advantage 

>•  Comprehensive  selection 
>•  Increased  productivity 
Lower  acquisition  costs 
Reduced  consumable  costs 
24/7/365  support  and  service 
Free  evaluation  program 


Brother  Printer,  Fax  and  Multi-Function  Center®  models - 
designed  to  increase  productivity  while  decreasing  overhead. 

Considering  that  over  94%  of  Fortune  1000  company  employees  work  outside 
corporate  headquarters*,  equipping  them  with  a  cost-effective  solution  is,  to 
say  the  least,  a  major  challenge. 


That's  why  Brother's  Commercial  Division  is  committed  to  providing  superior 
and  reliable  imaging  solutions  that  increase  productivity  while  reducing  costs. 
This  enables  businesses  like  yours  to  effectively  address  critical  organizational 
goals  and  challenges. 


Mobile  Printing  Solutions  Labeling  Solutions 


Desktop  Laser  Solutions  Color  Laser  Solutions 


But  it  is  our  product  reliability,  coupled  with  a  responsive  nationwide  support 
and  service  network,  that  has  companies  like  yours  putting  Brother  at  the  top 
of  their  requisition  lists. 

Brother's  Commercial  Division  welcomes  the  opportunity  to  put  our  resources 
to  work  for  you.  Contact  us  today  so  we  can  show  you  how  we  can  positively 
impact  your  bottom  line  while  enhancing  your  performance. 


Mufti-Function  Solutions 


Network  Printer  Solutions 


For  more  information,  call  1-866-455-7713. 

*Purchase  Influence  in  Larger  American  Businesses  ( Erdos  &  Morgan,  2001). 


©  2005  Brother  International  Corporation,  Bridgewater,  NJ  •  Brother  Industries  Ltd.,  Nagoya,  Japan 
For  more  information  visit  our  Web  site  at  www.brother.com 
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online  transactions 
with  the  Web’s  most 
trusted  brand. 
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malicious  threats  while 
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Protect  your  employees 
and  customers  with  strong  ^4 
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VeriSign  intelligent  infrastructure  at  work. 

Today  and  every  day,  VeriSign  intelligent  infrastructure  services  enable  and  protect  all  kinds  of  network 
interactions  in  today’s  complex  digital  world.  VeriSign  offers  a  host  of  mission-critical  security  services  to 
mitigate  reputational,  operational,  and  compliance  risks  in  the  simplest,  most  cost-effective  way  possible. 

VeriSign.  Where  it  all  comes  together.™ 


www.verisign.com/intelligence 

Download  the  free  white  paper  on  intelligent  infrastructure  services. 


2006  VeriSign.  Inc.  All  rights  reserved.  VeriSign.  the  VeriSign  logo,  “Where  it  all  comes  together,”  and  other  trademarks,  service  marks,  and 
it  signs  are  registered  or  unregistered  trademarks  of  VeriSign  and  its  subsidiaries  in  the  United  States  and  in  foreign  countries. 
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MET  INFRASTRUCTURE 

SECURITY  SWITCHING  ROUTING  VPNS  BANDWIDTH  MANAGEMENT  VOIP  WIRELESS  LANS 


Short  Takes 


Deploying  IP  telephony  is  hot  issue 


■  In  a  survey  of  600  IT  managers 
in  the  United  States  about  their 
views  of  cybercrime,  IBM  found 
that  three-quarters  of  them  believe 
threats  to  corporate  security  come 
from  inside  their  organizations. 
According  to  the  interviews,  which 
were  conducted  by  Braun  Research 
on  behalf  of  IBM,  84%  of  the  600  IT 
managers  surveyed  shared  the 
belief  that  organized  criminal 
groups  with  technical  sophistica¬ 
tion  are  replacing  the  lone  hacker 
as  the  main  threat  from  the  outside. 
The  measures  that  U.S. -based  IT 
managers  regarded  as  most  impor¬ 
tant  to  prevent  cybercrime  include: 
keeping  anti-virus  software  and 
firewalls  up-to-date;  using  intru¬ 
sion-detection  and  intrusion- 
prevention  technologies. 

■  Riverbed  WAN-acceleration  appli¬ 
ances  are  to  be  sold  as  part  of  a 
McData  branch-office  consolidation 
service  called  Remote  Office  Con¬ 
solidation.  The  service,  announced 
last  week,  makes  remote  access  to 
data  quicker  so  branch  offices  don't 
need  to  support  as  many  onsite 
servers.  The  SpectraNet  WDS 
Accelerator  uses  a  variety  of  tech¬ 
nologies  to  improve  response  times 
between  sites  equipped  with  the 
devices.  The  goal  is  to  let  remote 
offices  access  applications  and  files 
from  a  central  site  at  LAN  speeds. 

■  A  new  version  of  a  mobile  security 
application  can  now  monitor  and 
control  an  array  of  third-party  appli¬ 
cations  on  a  laptop  or  other  hand¬ 
held.  Credant  Technologies’ 
Mobile  Guardian  Enterprise 
Edition  Version  5.1  can  detect 
when  banned  applications  are  being 
activated  and  then  block  them  from 
retrieving  the  necessary  files  to 
launch.  The  goal  is  to  prevent  disrup¬ 
tive,  distracting  or  dangerous  pro¬ 
grams  from  being  run  on  enterprise 
clients.  Mobile  Guardian  can  block 
data  transfers  entirely  or  encrypt  the 
data  before  the  transfer,  depending 
on  the  enterprise  security  policy. 
Mobile  Guardian  5.1  is  priced  start¬ 
ing  at  $85  per  user. 


PoE  switches, 
servers  heat  up 
data  centers. 


VoIP  environmental  fundamentals 

When  putting  an  IP  PBX  or  Power  over  Ethernet  (PoE)  LAN  switch  in  a  wiring 
closet  to  support  IP  phones  on  desktops,  consider  power  and  cooling 
requirements  for  the  equipment,  experts  say. 


BY  PHIL  HOCHMUTH 

While  the  IP  telephony  market  heats  up, 
thermometers  are  literally  spiking  in  some 
wiring  closets  and  computer  rooms  where 
VoIP  and  Power-over-Ethernet  gear  is  being 
installed,  users  say. 

Equipment  density  and  overheating  are 
constant  issues  for  data-center  managers. 
Beating  the  heat  has  become  another  con¬ 
cern  for  network  and  telecom  staff  deploy¬ 
ing  gear  in  wiring  closets,  as  PoE  and  VoIP 
gear  are  set  up  in  places  that  once  just 
housed  lower-power  switches,  cooler  hubs 
and  patch  panel  racks. 

“Power  in  general  has  been  our  Achilles’ 
heel  in  our  [IP  telephony]  deployment," 
says  John  Haltom,  network  director  at 
Erlanger  Health  Systems,  a  Southeast 
regional  HMO  based  in  Chattanooga, Tenn. 

Achilles’  heel  might  overstate  it,  as 
Erlanger  has  deployed  more  than  1,500  IP 
phones  in  production,  both  wired  and 


A  sampling  of  environmental/power  specifications  of  some  IP  PBX/PoE  LAN  gear: 

IP  PBX  gear 


Vendor 

Product 

Heat  (BTUs  per  hour) 

Operating  temperature 

3Com 

NBX 100 

923 

32  to  104 

Avaya 

S8700  Media  Server 

1,000 

40  to  110 

Cisco 

MCS  7825 

853 

50  to  95 

Nortel 

CS 1000 

1,024 

50  to  95 

LAN  switches 


3Com 

SuperStack  3  Switch  4400 

938 

32  to  104 

Cisco 

Catalyst  3750  G-24PS 

534 

32  to  113 

Extreme 

Summit  400-24p 

546 

32  to  104 

Nortel 

Switch  460-24T-PWR 

575 

32  to  104 

wireless,  running  on  a  Nortel  Com¬ 
munication  Server  1000  IP  PBX.  To  support 
IP  telephony,  Haltom  and  his  staff  installed 
PoE  switches  in  wiring  closets  to  light  up 
the  phones  and  UPS  equipment  to  allow 


switches  to  run  during  a  power  outage. 

These  redundancy  and  power  require¬ 
ments  challenged  the  healthcare  organiza¬ 
tion’s  IT  staff,  which  supports  a  1 12-year-old 

See  IP  telephony,  page  22 


RSA  adds  SANIL  2.0  support  to  server 


BY  JOHN  FONTANA 

RSA  Security  last  week  said  it  would 
upgrade  its  server  for  joining  identity  data 
between  and  among  companies  by 
adding  support  for  the  latest  version  of  a 
key  XML-based  protocol. 

The  company’s  Federated  Identity  Man¬ 
ager  3.0,  which  is  slated  to  ship  by  the  end 
of  June,  includes  support  for  the  Security 
Assertion  Markup  Language  (SAML)  2.0. 

RSA  also  has  redesigned  its  browser- 
based  management  console,  included 
tools  for  pretesting  connections  and 
added  an  embedded  data  store  as  well 
as  built-in  support  for  multiple  applica¬ 
tion  server  platforms. 

SAML  2.0  has  become  the  de  facto  stan¬ 
dard  for  identity  federation,  which  lets 
companies  share  user  data  for  authoriza¬ 
tion  and  authentication  across  corporate 
boundaries.  SAML  2.0  is  supported  by  the 
Liberty  Alliance  and  the  Shibboleth  proj¬ 
ect,  an  effort  to  create  federation  standards 
for  Internet  2. 


“RSA  needed  to  add  this  support  to  keep 
pace  in  the  market,”  says  Andrew  Braun- 
berg,  an  analyst  with  Current  Analysis. 
“SAML  2.0  might  be  a  check  box  [for  a 
vendor’s  feature  list],  but  it  is  a  pretty 
important  check  box.” 

The  Liberty  Alliance,  which  is  basing  its 
updated  specifications  on  SAML  2.0,  is  pro¬ 
jecting  there  will  be  1  billion  Liberty- 
enabled  identities  and  devices  by  year-end. 

In  November,  Liberty  certified  RSAs  imple¬ 
mentation  of  SAML  2.0,  which  was  approved 
as  an  official  standard  in  March  2005  by  the 
Organization  for  the  Advancement  of 
Structured  Information  Standards. 

Microsoft  is  backing  a  similar  protocol  it 
developed  with  IBM  called  WS-Federation, 
which  it  is  supporting  in  Windows  Server 
2003  Release  2,  and  released  in  December. 

Vendors  such  as  CA,  Entrust,  HR  IBM, 
Oracle,  RSA  and  Sun  are  hedging  their  bets 
and  supporting  both  protocols.  Ping 
Identity  provides  an  open  source  tool  kit 
for  WS-Federation  integration. 


For  RSA,  Federated  Identity  Manager  3.0 
will  enter  the  fray  with  tools  to  make  fed¬ 
eration  easier  to  deploy  and  make  con¬ 
nections  between  partners. The  new  soft¬ 
ware  version  includes  a  framework  for 
prototyping  and  testing  that  includes 
templates  for  such  tasks  and  authentica¬ 
tion  and  policy  creation. 

The  company  also  has  updated  its  man¬ 
agement  console’s  GUI,  which  now 
includes  searching  and  pagination  fea¬ 
tures.  The  interface  includes  new  tools  for 
managing  connections,  a  wizard-based 
configuration  tool  that  produces  an  XML- 
based  metadata  file  and  improved  trouble¬ 
shooting  capabilities. 

In  addition,  RSA  has  eliminated  its  depen¬ 
dency  on  BEAs  WebLogic  application 
server,  and  now  supports  WebSphere  and 
any  other  Java-based  application  server. 

RSAs  Federated  Identity  Manager  3.0  is 
priced  starting  at  $50,000  for  three  connec¬ 
tions.  A  10-connection  configuration  is 
priced  at  $100,000.  ■ 
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Measuring  the  new  broadband 


T0U.Y  ON  TECHNOLOGY 

Kevin  Tolly 


The  rebirth  of  AT&T  and  its  sud¬ 
den  expansion  by  gobbling  up 
BellSouth  have  again  propelled 
next-generation  broadband  ser¬ 
vices  to  the  front  page  of  The  Wall 
Street  Journal  And  it  is  not  just  DSL 
and  cable  vendors  vying  for 
supremacy  Verizon  is  investing 
heavily  in  fiber  to  the  home  to 
boost  bandwidth;  other  compa¬ 
nies  are  poised  to  leverage  next- 
generation  IEEE  802.16  WiMAX 
wireless  to  deliver  metropolitan 
bandwidth  without  ditch-digging. 
Ultimately  we’ll  choose  among 
them  —  but  on  what  basis? 

If  it  is  true  that  past  is  pro¬ 


logue,  we’ll  choose  by  weighing 
what  kind  of  service  bundle 
(telephony,  data,  TV  and  so  on) 
and  what  kind  of  monthly  price. 
We’ll  do  this  without  having  a 
vague  idea  of  how  the  service 
provider  will  deliver  these  ser¬ 
vices.  And,  we’ll  find  no  guaran¬ 
tees  from  the  service  provider 
about  the  quality  or  availability 
of  the  bundle  we  buy. 

The  stakes  for  corporate  net¬ 
work  managers  and  small  and 
midsize  businesses  are  high. 
Broadband  services  increasingly 
are  the  primary  service  linking  re¬ 
mote  office  workers,  telecom¬ 
muters  and  others  to  the  corpo¬ 
rate  network  and  other  resources. 

Ironically  in  this  most  central  of 
high-tech  endeavors  —  the  net¬ 
work  connecting  everyone  to 
everything  —  corporate  and  con¬ 
sumer  broadband  buyers  get 


shockingly  little  quantitative  infor¬ 
mation  to  go  on. 

Car  manufacturers  tout  the  tech¬ 
nological  breakthroughs  of  their 
new  vehicles,  but  you  won’t  find 
that  in  the  broadband  world. 

The  best  that  you’ll  get  from 
your  broadband  provider  is  a 
vague  reference  that  goes  some¬ 
thing  like  “up  to  70  times  faster 
than  dial-up.” And  when  that  mere 
4Mbps  isn’t  good  enough,  you 
can  pay  more  for  premier  service 
and  get  “up  to  6Mbps.”  No  guaran¬ 
tees,  of  course. 

Broadband  providers  seem  to 
have  a  secret  pact  with  each 
other,  knowing  that  once  one  of 
them  provides  factual  data  about 
their  networks  and  performance, 
they  might  all  have  to  do  it. 

While  cable  providers,  for  exam¬ 
ple,  brag  about  how  great  cable  is 
and  how  it  is  an  urban  myth  that 


response  time  is  degraded  when 
the  neighborhood  kids  log  on 
after  school,  I  and  others  like  me 
still  experience  these  supposedly 
nonexistent  problems. 

The  contrast  between  the 
happy-face  home  pages  of  the 
broadband  providers  and  reality 
of  their  services  as  reported  by 
some  unhappy  consumers  on 
Broadband  Reports  (www.nwdoc 
finder.com/2628)  is  stunning. 

Why  don’t  broadband  providers 
brag  about  their  infrastructure? 
Perhaps  because  much  of  a  given 
service-provider  network  is  in  a 
state  of  shambles,  with  only  a 
small  percentage  of  the  infrastruc¬ 
ture  near  state-of-the-art  quality 

Why  don’t  these  providers  give 
a  buyer  any  inkling  of  their  over¬ 
subscription  policy?  There  is 
nothing  barring  a  service  pro¬ 
vider  to  sell,  say  6Mbps  service  to 


100  customers  who  have  to  pass 
through  the  same  100Mbps  con¬ 
nection  to  the  Internet. 

There  is  no  way  that  any  more 
than  a  fraction  of  them  will  get 
their  full  6Mbps  at  any  given  time. 
Would  you  pay  the  upgrade  pre¬ 
mium  (often  50%)  if  you  knew 
this  situation?  I  wouldn’t.  And  the 
broadband  provider  gets  off  the 
hook  by  having  a  little  footnote 
that  states  “speed  not  guaran¬ 
teed”  on  the  order  form.  Is  that 
fair  to  consumers? 

Do  any  of  these  new  offerings 
provide  clear  technological  ad¬ 
vantages?  If  so,  they  should 
prove  it. 

Tolly  is  president  of  The  Tolly 
Croup,  a  strategic  consulting  and 
independent  testing  company  in 
Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 


ScanSafe  debuts  instant-message  security  service 


BY  CARA  GARRETSON 

Web  security  company  ScanSafe  this 
week  plans  to  announce  a  service  aimed 
at  helping  customers  protect  instant¬ 
messaging  channels  from  viruses,  spam 
and  other  threats,  as  well  as  enforcing 
policies  across  this  increasingly  popular 
communications  mechanism. 

The  Radicati  Group  predicts  that  the  num¬ 
ber  of  IM  messages  sent  per  day  will 
increase  from  13.9  billion  in  2005  to  more 
than  46  billion  by  2009. 

With  that  growth  comes  a  rise  in  abuse, 
and  to  combat  that  Web  and  messaging 
security  vendors  including  Postini, 
MessageLabs  and  CipherTrust  are  rounding 
out  their  offerings  with  dedicated  IM  prod¬ 
ucts  and  services. 

ScanSafe’s  new  service,  called  IM  Control, 
works  with  popular  IM  services  from  Yahoo, 
Microsoft, AOL  and  others. Customers  of  the 
service  point  their  DNS  records  to  Scan¬ 
Safe,  so  that  all  IM  messages  going  into  and 
out  of  the  organization  are  sent  through  the 
IM  Control  service,  where  they  are  scanned 
for  spam,  viruses  and  other  malware,  and 
directed  to  archives  for  compliance  rea¬ 
sons,  says  Dan  Nadir,  vice  president  of  prod¬ 
uct  strategy 

Building  from  its  initial  offering  that  scans 
a  company’s  HTTP  traffic  for  threats  with- 
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out  introducing  latency,  ScanSafe  has 
developed  IM  Control  so  that  it  is  transpar¬ 
ent  to  users,  Nadir  says.  The  first  time  users 
access  an  IM  account,  they  are  instructed  to 
log  on  —  so  that  the  service  can  correlate  a 
screen  name  with  a  corporate  e-mail 
address  for  identification  —  but  users  will 
see  no  evidence  of  the  service  in  subse¬ 
quent  sessions. 

Achieving  zero  latency  is  even  more  cru¬ 
cial  for  IM  communications  than  for  Web 


IP  telephony 

continued  from  page  21 

hospital’s  network  and  telecommunica¬ 
tions  systems. 

“Trying  to  retrofit  areas  that  are  already 
cramped  with  larger  PoE  switches,  larger 
UPSs”  was  the  challenge,  Haltom  says.“By 
the  way,  all  that  gear  generates  more 
BTUs,  so  you  have  to  upgrade  the  AC 
units  in  those  closets.” 

By  most  measures,  wiring  closets’  biggest 
heat  boosters  are  PoE  switches,  which  do 
double  duty  in  transporting  Ethernet  traffic 
and  acting  as  AC  power  supplies  for  IP 
phones  and  other  PoE-capable  gear 
plugged  into  the  devices’  power  ports.  For 
example,  Cisco’s  non-FbE  24-port  Catalyst 
3750  LAN  switch  generates  about  1 76  BTUs 
of  heat  per  hour;  add  the  PoE  option,  and 
the  switch  heats  up  to  534  BTUs.  Add  a  stan¬ 
dard  UPS  that  dissipates  80  to  100  BTUs, 
and  the  heat  output  in  one  wiring  closet 


surfing,  Nadir  says,  because  chats  are 
done  in  real  time. 

The  service  also  manages  IM  policies  and 
sends  IM  messages  to  archiving  solutions  at 
the  customer’s  location  or  offsite.  Those 
messages  are  encrypted,  Nadir  says. 

Although  IM  threats  aren’t  nearly  as  preva¬ 
lent  as  those  found  in  e-mail  and  Web  traf¬ 
fic,  scams  across  public  IM  networks  are 
becoming  more  popular,  Nadir  says.  He 
offers  the  example  of  malware  that  replaces 


more  than  triples  to  support  IP  telephony 
Nortel’s  24-port  Switch  420T  heats  up  to 
220  BTU;  its  PoE-capable  Switch  460-24T- 
PWR  is  more  than  double  that. 

Planning  how  this  gear  will  be  cooled 
and  kept  safe  should  not  be  an  after¬ 
thought,  experts  say 

“All  network  devices  should  be  placed  in 
locations  with  . .  .  adequate  heat  dissipa¬ 
tion,  ventilation  and  air  conditioning,” 
according  to  Salvatore  Collora  and  Ed 
Leonhardt,  two  Cisco  Certified  Internet 
Experts,  in  Planning  the  Cisco  CallManager 
Implementation,  published  in  2004  by 
Cisco  Press.“Although  it  is  surprising, some 
deployments  actually  store  servers  and 
switches  in  broom  closets  and  under 
desks.  Improper  care  of  your  equipment 
contributes  to  environmental  and  security 
hazards  that  can  disable  or  degrade  your 
voice  deployment.” 

This  could  especially  be  true  in  small 
businesses,  where  an  older  key  telephone 


a  user’s  away  message  with  a  link  to  a  Web 
site  that  downloads  spyware. 

Nadir  says  regulatory  compliance  is  the 
No.l  reason  that  enterprises  will  use  IM 
Control,  because  agencies  such  as  the 
Securities  and  Exchange  Commission  say 
IM  messages  must  be  archived  along  with 
e-mail  and  other  corporate  communica¬ 
tions  channels.  IM  has  become  popular  in 
the  financial  industry  and  the  industry  is 
heavily  regulated.  ■ 


system  is  being  replaced.  These  devices 
combined  call  processor,  phone  power 
supply  and  switching, and  could  be  stored 
almost  anywhere.  However,  companies 
should  have  a  cool,  dry  place  ready  for 
newer  IP  PBX  gear. 

“In  certain  climates,  you  could  have 
very  high  humidity,  with  the  ambient  tem¬ 
perature  getting  above  [104  degrees],” 
says  Patrick  Ferriter,  vice  president  of 
marketing  for  Zultys,  a  maker  of  IP  PBXs 
that  targets  small  offices  as  a  key  system 
replacement. 

“There  are  places  where  it  does  get  hot, 
and  you’re  going  to  have  problems  if  you 
don’t  have  air  conditioning.”  How  much 
cooling  will  depend  on  the  IP  PBX,  he  adds. 

“If  you  have  an  IP  PBX  which  has  built-in 
gateways,  and  if  you  have  a  lot  of  analog 
connections  —  FXS  boards  that  provide 
ring  voltage  —  it  could  start  to  get  even  hot¬ 
ter?  Patrick  says.“It’s  going  to  be  hotter  than 
a  traditional  key  system  for  sure.”B 


73%  of  the  FORTUNE  100®  and  76% 
of  the  European  100  compared  business 
collaboration  providers  and  came  to 
a  single  conclusion. 


Obviously,  great 
minds  think  alike. 


Many  of  the  world's  most  successful  organizations  rely  upon  Sterling  Commerce  to  automate  their  business  pro¬ 
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Eliminate 

multiple 

software 

license  fees. 

Legally. 

Why  pay  again  for  something  you  already  own?  The  Pillar  Axiom™ 
storage  system  lets  you  add  performance  and  over  300  TB  of 
capacity  per  system  without  requiring  you  to  pay  for  additional 
software  license  fees.  It  combines  both  SAN  and  NAS  environments 
and  empowers  you  to  manage  multiple  tiers  of  data  through  a  single, 
easy-to-use  interface.  And  it  delivers  top-tier  performance  that  can 
improve  your  bottom  line,  often  for  less  than  what  many  companies 
pay  just  to  operate  and  maintain  their  storage  systems. 

To  hear  about  our  new  approach  to  managing  data  storage,  you 

«> 

owe  it  to  yourself  to  schedule  a  half-hour  briefing. 

Call  1  -877-252-3706  or  visit  www.pillardata.com/legally 

Learn  the  truth  about  networked  storage.  ^ 
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Vendor’s  servers  aren’t  one-size-fits-all 


BY  JENNIFER  MEARS 

KPMG’s  computer  forensics  division 
needs  processing  power,  and  lots  of  it,  for 
work  such  as  data  analysis  and  transaction 
reconstruction.  The  team  also  has  a  good 
idea  of  what  the  systems  needed  to  supply 
that  power  should  look  like. 

What  they  don’t  look  like  are  off-the-shelf 
offerings  from  Tier  1  providers,  such  as  HP 
and  IBM.The  KPMG  team  instead  turned  to 
lesser-known  Open  Source  Storage,  which 
sells  custom-built  servers  and  clustering 
packages  based  on  open  standards. 

“Trying  to  do  a  true  custom  solution 
through  HP  or  one  of  the  other  vendors  is  a 
pain,  because  they  have  their  standard  plat¬ 
forms  that  are  already  built  and  they  scale 
off  of  that,” says  Ed  Goings, director  of  foren¬ 
sic  technology  at  KPMG  in  Chicago.  “With 
Open  Source  Storage,  we  can  give  specifics, 
even  down  to  the  type  of  memory  we  want 
in  the  machine.” 

Open  Source  Storage’s  32-  and  64-bit 
servers  (including  a  new  two-processor 


Open  Source  Storage's 
RS  64  server 

Features  of  the  1U  storage  system 


•  Two  2.2GHz  dual-core  Opteron  processors. 

•  Up  to  64GB  of  RAM. 

•  Four  500GB  hot-swappable  SATA  drives. 

•  Support  for  applications  such  as  imaging, 
electronic  design  automation,  large  databases. 

•  A  starting  price  of  $50,000. 

model  called  the  ITS  64  that  boasts  up  to 
64GB  of  memory)  are  designed  for  high- 
density  processing. 

Goings,  who  began  working  with  Open 
Source  Storage  about  three  years  ago,  says 


he  is  looking  at  the  RS  64  to  support  huge 
memory-intensive  database  applications. 

While  the  vendor  prides  itself  on  creating 
open  source  packages,  from  hardware  to 
software,  it  is  open  to  user  demands  on 
every  level,  says  Eren  Niazi,  president,  CEO 
and  founder. 

“We’11  give  recommendations  and  pro¬ 
vide  performance  numbers  and  let  them 
decide,”  Niazi  says.  “We  have  a  reference 
center  where  we  can  build  the  machines, 
and  customers  can  log  on  and  test  the 
performance.” 

Goings,  for  example,  runs  Windows  Server 
2003  on  his  Open  Source  Storage  servers, 
rather  than  CentOS,  a  Red  Hat-compatible 
Linux  distribution  that  is  the  vendor’s  pre¬ 
ferred  operating  system. 

“We  looked  at  [Open  Source  Storage]  for 
open  source,  but  from  a  hardware  stand¬ 
point,  not  from  an  operating  system  or 
development  platform,”  Goings  says.  “We 
wanted  to  be  able  to  specify  what  hardware 
we  wanted  in  there _ We  don’t  like  being 


told  what  has  to  be  in  the  machine.” 

The  vendor  also  supports  Solaris,  and  this 
week  is  expected  to  announce  that  it  has 
received  Level  2  certification  for  its  VS1800 
Opteron-based  system,  the  highest  level  in 
Sun’s  program  to  certify  hardware. 

While  Open  Source  Storage  has  a  chal¬ 
lenge  in  competing  with  the  traditional  sys¬ 
tems  vendors,  its  business  has  been  growing 
as  the  industry  rallies  around  open  source. 
The  privately  held  company  founded  in 
2001  targets  high-tech  firms  and  the  finan¬ 
cial  sector,  and  has  been  seeing  steady  dou¬ 
ble-digit  growth  each  quarter,  Niazi  says. 

William  Hurley  a  senior  analyst  at  Data 
Mobility  Group,  says  Open  Source  Storage 
offers  an  interesting  alternative. 

“The  manufacturing  model  they’ve 
adopted  allows  a  high  degree  of  cus¬ 
tomization  using  standards-based  compo- 
nentry”  he  says.  “So  you  get  the  flexibility 
and  specificity  [of  configuration]  that  you 
need  with  the  comfort  of  having  things 
built  on  open  standards.”  ■ 


CopperEye  to  help  customers  downsize  databases 


Profile:  Uoppertye 

Based: 

Bath,  England,  (U.S.  offices  in  Stamford,  Conn.,  San  Mateo,  Calif.) 

Founded: 

June  2000 

Products: 

Greenwich  and  Search  offerings  for  finding  and  retrieving  business  transaction  data 
across  an  enterprise. 

Founders: 

COO  Paul  McCafferty,  formerly  of  Convergys,  and  CTO  Duncan  Pauly,  formerly  of 
Vodophone  and  Oracle. 

Venture  funding: 

Officially  undisclosed,  but  known  to  be  at  least  $6.7  million. 

BY  DENI  CONNOR 

A  company  led  by  former  database-soft- 
ware  vendor  executives  is  touting  enter¬ 
prise  search  technology  that  it  says  can 
help  companies  reduce  their  reliance  on 
expensive  relational  database  systems. 

CopperEye’s  twist?  Its  software  enables 
customers  to  put  static  transaction  data  in 
an  easily  searchable  flat-file  format  on  net- 
worked-attached  storage  (NAS)  servers 
rather  than  on  relational  database  servers 
residing  on  pricier  storage-area  networks. 

The  British  company’s  Greenwich  soft¬ 
ware  runs  on  a  server,  continually  discov¬ 
ering  structured  data  files  that  include 
business  transactions  and  indexing  them. 
Greenwich  exposes  the  data  in  those  files 
through  Open  Database  Connectivity,  and 
customers  use  CopperEye’s  Search  soft¬ 
ware  to  make  SQL  queries. 

“The  founders  started  out  developing 
what  they  thought  would  be  the  next  great 
extract,  transform  and  load  [ETL]  tool, 
and  on  the  way  to  building  that  they  actu¬ 
ally  uncovered  a  new  way  of  indexing 
transactions,”  says  CEO  Kate  Mitchell,  who 
previously  worked  at  IBM  and  Oracle.  ETL 


tools  let  companies  move  data,  reformat  it 
and  load  it  into  a  relational  database  for 
analysis. 

Rather  than  using  the  B-tree  indexing 
method  common  to  relational  databases, 
Mitchell  says,  CopperEye  uses  a  propri¬ 
etary  indexing  method  that  stores  transac¬ 
tion  data  —  stock  trades,  phone  calls  or 
Web  purchases  —  in  a  flat-file  system. 

MessageLabs,  an  English  provider  of 
hosted  e-mail  scanning  services,  uses 
CopperEye’s  software  for  finding  the  e- 
mail  transactions  of  13,000  customers. 
Each  day  MessageLabs  processes  6  billion 


rows  of  log  file  data  and  200  million  trans¬ 
actions  using  CopperEye’s  software. 

“The  problem  we  were  trying  to  solve  is 
to  access  billions  of  messages  that  are 
flowing  through  our  infrastructure  to  help 
a  single  client  locate  a  single  message  so 
they  can  understand  where  it  is  in  the 
mail-message  workflow,”  says  Carmen 
Carey,  COO  for  MessageLabs.  “These  trans¬ 
actions  are  static,  so  keeping  them  in  a 
relational  database  was  not  the  way  to  go.” 

Steve  Duplessie,  founder  and  senior  ana¬ 
lyst  for  the  Enterprise  Strategy  Group, says: 
“The  key  is  that  CopperEye  can  take  data 


out  of  the  database  and  make  the  data¬ 
base  faster  and  easier  to  manage.  With 
CopperEye,  you  don’t  have  to  buy  the 
most  expensive  storage  gear  and  manage 
it  with  the  most  expensive  administrators.” 

Duplessie  says  the  cost  savings  on  stor¬ 
age  hardware  alone  by  implementing 
CopperEye  could  be  enormous.“No  more 
big  licenses  for  Oracle,  no  more  giant 
server  upgrades  and  no  more  expensive 
Tier  1  storage  upgrades.  Put  80%  of  the 
database  on  an  inexpensive  NAS  box,”  he 
says. 

CopperEye  competes  with  data-ware- 
housing  and  relational-database  vendors 
IBM,  Oracle  and  Netezza.  Unlike  Netezza’s 
Performance  Server,  which  combines  a 
server,  storage  and  relational  database  in 
one  device,  CopperEye's  software  is  stor¬ 
age-system-agnostic. 

CopperEye  Greenwich  and  Search  run 
on  a  Linux  or  Unix  server  that  attaches  to 
a  Gigabit  Ethernet  network.  The  products 
are  priced  based  on  the  number  of  rows 
of  data  under  management.  Pricing  starts 
at  $50,000.  A  typical  installation  could 
cost  as  much  as  $250,000.  ■ 
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Introducing  the  industry’s  highest  performance  Ethernet 
switch  family  ready  to  deliver  wire-speed  non-blocking 
performance  to  1.14  billion  packets  per  second  (or  up  to 
3.42  bpps  per  7-foot  telco  rack).  Foundry’s  Biglron  RX  Series 
offers  the  highest  density  Gigabit  and  10  Gigabit  Ethernet 
switching  and  routing  solution  in  the  industry  and  is  built  on  a 
distributed  and  redundant  switch  architecture  that  ships  ready  to 
support  100  Gigabit  Ethernet.  Featuring  support  for  scalable 
Ethernet  switching,  IPv4/IPv6  routing,  consistent  low  latency 
for  all  packet  sizes  and  advanced  quality  of  service  design,  the 
Biglron  RX  Series  meets  and  exceeds  the  needs  of  a  wide  range 
of  environments  including  Enterprise  LAN,  HPC,  MANS,  and 
next  generation  data  centers. 

Find  out  more  about  the  BigIron  RX  Series  and  how 

YOU  CAN  REDEFINE  PERFORMANCE  AND  RELIABILITY  IN  YOUR 
NETWORK.  LOG  ON  TO  WWW.FaUNDRYNET.COM/BlGlRONRX. 
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Short  Takes 


■  Mirapoint  last  week  announced 
ComplianceVault,  an  appliance 
designed  to  store  e-mail  messages  in 
accordance  with  corporate  and  gov¬ 
ernment  regulations.  With  1TB  of 
storage,  the  1U  appliance  is  designed 
for  midsize  companies  that  need  fast 
access  to  archived  e-mail,  which 
users  can  search  via  a  simple  Web 
interface,  the  company  says. 
ComplianceVault  stores  archived  e- 
mail  messages  for  a  set  amount  of 
time  before  encrypting  and  sending 
them  to  tape.  It  is  priced  at  $14,995 
and  can  be  purchased  alone  or  inte¬ 
grated  with  Mirapoint's  RazorGate  e- 
mail  gateway  security  appliance. 

■  NewsGator  last  week  introduced 
three  versions  of  its  NewsGator 
Mobile  RSS  reader,  designed  for 
HTML-enabled  devices,  Windows 
Mobile  platforms  and  Java  2 
Platform,  Micro  Edition-enabled 
devices.  They  synchronize  with 
NewsGator  Online,  which  lets  users 
read  content  and  manage  their  RSS 
feeds  from  any  device.  The  Windows 
version  works  with  all  Windows-based 
mobile  devices,  including  pocket  PCs 
and  smart-phones. The  J2ME  reader 
works  with  popular  phones  and 
PDAs,  including  Research  in  Motion's 
BlackBerry  and  PalmTreo,  and  vari¬ 
ous  Motorola  devices.  The  Java  and 
Windows  versions  are  slated  to  be 
available  by  the  end  of  June  and  cost 
$29.95  with  a  one-year  subscription. 
The  HTML  reader  is  available  now. 

■  A  new  case-management  sys¬ 
tem  being  implemented  by  the  FBI 
could  cost  as  much  as  $500  million, 
blowing  away  the  $170  million  sunk 
into  a  previous  project  abandoned  a 
year  ago,  according  to  a  government 
watchdog  group.  Last  week,  the 
Justice  Department's  Office  of  the 
Inspector  General’s  Audit  Division 
issued  a  91 -page  report  examining  the 
FBI's  Sentinel  Case  Management 
System.  Sentinel  is  designed  to 
replace  antiquated  systems  for  man¬ 
aging  the  records,  workflow  and  evi¬ 
dence  needed  by  FBI  workers  to  han¬ 
dle  cases. 


CA,  Dell  bolster  mgmt.  software 


BY  DENISE  DUBIE 

CA  and  Dell  have  or  are  expected  to 
announce  new  and  upgraded  products 
that  customers  say  will  help  them  better 
manage  client  and  server  systems,  with 
fewer  tools  and  more  automation. 

CA  is  set  to  announce  this  week  its 
Desktop  and  Server  Management  (DSM)  1 1 
suite,  which  includes  applications  that  sep¬ 
arately  performed  software  delivery  remote 
control  and  asset  management.  The  suite 
integrates  those  features  with  common 
agent  and  database  technology 

The  integration  should  help  customers 
reduce  the  number  of  products  —  and 
management  consoles  —  needed  to  per¬ 
form  ongoing  support  and  maintenance  for 
desktops  and  servers,  says  Jason  Bullock, 
systems  administrator  for  Colorado  Springs 
School  District  11.  “We  basically  get  the 
three  products  we  used  before,  rolled  into 


Doctor,  heal  thyself 

A  Forrester  Research  study  revealed 
that  systems  management  vendors 
providing  patch  management  software 
may  not  be  as  quick  to  fix  bugs  in  their 
own  products.  Of  the  88  vulnerabilities 
evaluated, 

24% 

had  not  yet  been  patched,  had  patches 
that  were  no  longer  available  for  older 
products,  or  required  a  product 
upgrade  to  fix. 

one,”  he  explains.  “Having  them  all  integrat¬ 
ed  into  one  interface  gives  me  less  to  man¬ 
age.  We  also  have  fewer  agents  out  on 
machines.” 

Bullock  says  he  migrated  to  DSM  1 1  from 


Version  4.0  of  previous  CA  Unicenter  prod¬ 
ucts.  He  pushed  out  one  new  agent  that 
replaces  three,  which  will  reduce  the 
amount  of  software  installed  on  some  600 
Microsoft  Windows-based  servers  and  8,500 
desktops.  DSM  1 1  software  includes  a  man¬ 
agement  console  and  distributed  agents  on 
managed  server  or  client  machines.  With 
the  upgrade,  Bullock  says  he  will  be  able  to 
support  remaining  Windows  95  clients  that 
CAs  previous  products  didn’t  support. 

“They  took  a  step  back,  kind  of,  but  in  the 
best  way  This  new  release  provides  us  with 
backwards  compatibility  on  our  older  sys¬ 
tems  until  we  can  upgrade,”  Bullock  says. 

CA  also  is  set  to  unveil  this  week  the  CA 
Desktop  Management  Suite  for  Windows,  a 
scaled-down  version  of  DSM  1 1  that  is  suit¬ 
ed  for  smaller  customers.  It  has  desktop 
management  and  back-up  capabilities 
See  Systems,  page  28 


Azaleos  adds  e-mail  backup  option 


Disaster  recovery 

Exchange  management  vendor  Azaleos  is  introducing  high-availability  support 
for  its  OneServer,  which  runs  Exchange  2003. 


Corporate  network  Disaster  recovery  site 


□  The  Azaleos  OneServer  on  the  LAN  backs  up  its  mail  and  data  store  to  a  Network  Appliance  storage  device. 
B  The  NetApp  storage  device  on  the  LAN  mirrors  its  data  to  a  NetApp  storage  device  in  the  disaster  recovery  site. 
H  If  the  LAN's  OneServer  fails,  the  user  receives  e-mail  from  the  disaster  recovery  site's  OneServer. 


BY  JOHN  FONTANA 

E-mail  management  vendor  Azaleos  this 
week  is  set  to  introduce  an  e-mail  back-up 
option  for  users  of  its  OneServer  appli¬ 
ance.  The  option,  which  combines 
OneServer  appliances  running  Exchange 
with  network  storage  devices  from 
Network  Appliance,  gives  users  a  hot  back¬ 
up  to  a  disaster  recovery  site. 

The  platform  uses  iSCSI  connections  and 
storage  virtualization  technology  A  Net¬ 
work  Appliance  NetApp  FAS270  storage 
device  on  the  corporate  network  captures 
snapshots  of  the  Exchange  mail  stored  on 
a  OneServer  appliance  and  synchronizes 
them  with  the  disaster  recovery  site,  which 
also  is  running  OneServer  and  a  FAS270 
(see  graphic). 

The  FAS270  includes  1TB  of  storage,  al¬ 
though  it  can  scale  to  4TB.  It  also  includes 
built-in  RAID  for  protection  against  data 
loss  and  disk  failure,  hot  spare  disks  for  fast 
failure  recovery  redundant  power  supplies 
and  cooling  fans,  and  battery-backed  RAM 
for  guaranteed  writes. 

OneServer  is  a  dedicated  appliance  that 
provides  an  active,  passive,  fault-tolerant 
and  clustered  Exchange  platform  for  cor¬ 
porate  messaging.  The  appliance,  which  is 
built  on  HP  or  Dell  hardware,  runs  Windows 
Server  2003;  Exchange  2003;  and  security, 


mobility  and  compliance  software  from 
third-party  vendors. 

“If  you  are  going  to  have  Azaleos  provide 
you  with  the  OneServer  appliance  and  let 
them  manage  it,  backup  is  a  very  logical 
extension  of  that,”  says  Michael  Osterman, 


president  of  Osterman  ResearchTBackup  is 
absolutely  a  critical  activity’ Azaleos,  which 
began  shipping  OneServer  a  year  ago,  is 
modifying  its  service-level  contracts  to 
change  its  guaranteed  availability.  It  also  is 
See  Azaleos,  page  28 
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Protecting  the  guilty  yet  again 


NET  INSIDER 

Scott  Bradner 


No  one  who  knows  is  saying 
how  long  it’s  been  going  on,  but 
you’d  better  keep  a  close  eye  on 
your  bank  account  balance  if  you 
use  a  debit  card.  For  at  least  the 
last  month,  maybe  much  longer, 
thieves  from  as  far  away  as  Russia 
have  been  cleaning  out  bank 
accounts  using  stolen  debit  card 
numbers  and  PINs.  No  one  is  will¬ 
ing  to  say  who  is  to  blame. 

Customers  at  a  number  of  US. 
banks  —  Citibank  being  the  most 
prominent  —  have  been  hit. 


Citibank  is  not  saying  much  that’s 
of  any  use  if  you  would  like  to  pro¬ 
tect  your  assets.  All  it’s  saying  is 
there  was  a  breach  at  a  U.S.  com¬ 
pany  that  exposed  PINs,  and 
Citibank  is  blocking  transfers  from 
Canada,  Russia  and  the  U.K.Woe 
to  you  if  you  happen  to  be  travel¬ 
ing  in  one  of  those  countries,  as 
your  card  will  stop  working  with 
no  notice. 

Citibank  refuses  to  name  the 
U.S.  company  in  spite  of  claiming 
in  a  press  release,  “Protecting  our 
customers’  accounts  and  person¬ 
al  information  is  one  of  our  high¬ 
est  priorities.”  But  not  so  high,  if  it 
means  giving  customers  the  infor¬ 
mation  they  need  to  protect  them¬ 
selves.  California  law  requires  that 
anyone  exposing  this  type  of 
information  about  a  California 


resident  must  fess  up  in  a  timely 
manner.  Some  companies  in  this 
situation  have  said  law  enforce 
ment,  in  its  infinite  semi-wisdom, 
has  told  them  not  to  tell  anyone.  A 
company  that  actually  cared 
about  the  impact  of  its  screw-up 
on  customers  would  insist  on 
informing  the  public. 

In  this  latest  case,  the  most  likely 
explanation  is  that  some  hacker 
broke  into  a  server  at  some  com¬ 
pany  that  processes  debit  cards 
and  ran  off  with  a  file  of  card 
numbers  and  PINs.  Under  the  pay¬ 
ment  card  industry  (PCI)  rules 
(see  www.nwdocfinder.com 
/2626),that  sort  of  thing  is  not  sup¬ 
posed  to  be  possible.  First,  no 
computer  that  stores  card  infor¬ 
mation  is  supposed  to  be  directly 
reachable  from  the  Internet,  and 


second,  storing  PINs  is  explicitly 
prohibited.  By  the  way,  if  your 
company  deals  with  credit  or 
debit  cards,  someone  should  be 
paying  attention  to  the  PCI  rules. 
Visa  says  failure  to  follow  the  rules 
makes  a  company  subject  to  a 
fine  of  $500,000  per  incident  (see 
www.nwdocfinder.com/2627). 

At  some  point  we  will  find  out 
what  company  was  not  follow¬ 
ing  the  rules  and  thus  facilitat¬ 
ed  the  current  rash  of  thefts.  I 
cannot  imagine  the  company 
will  be  better  off  having  tried  to 
keep  its  identity  secret  or  Visa 
will  be  better  off  having  told  a 
congressman,  in  effect,  that  it 
thinks  coming  clean  so  its  cus¬ 
tomers  know  what  is  going  on  is 
not  a  priority. 

The  open  question  is  what  actu¬ 


al  liability  the  company  will  have 
in  regard  to  the  time,  trouble  and 
credit  rating  impact  that  hundreds 
of  thousands  of  debit  card  hold¬ 
ers  have  experienced.  Sooner  or 
later  some  court  will  realize  that 
real  damages  deserve  real  com¬ 
pensation.  Maybe  when  that  hap¬ 
pens  some  companies  that  are 
sloppy  with  security  will  learn  that 
good  security  pays. 

Disclaimer:  Company  learning 
—  or  at  least  company  executives 
learning  —  is  an  aim  of  the 
Harvard  B-school.  But  I  did  not 
ask  it  about  this  lesson,  so  the 
above  is  all  mine. 

Bradner  is  a  consultant  with 
Harvard  University's  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


“There  is  a  significant  trend  toward  consolidat¬ 
ing  systems  and  management  features  into 

fewer  tools.” 

David  Friedlander,  senior  analyst,  Forrester  Research 


Systems 
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enabling  life-cycle  management  of  PCs.CA 
says  its  automated  features  reduce  the 
time  required  to  distribute  and  maintain 
software,  maintain  software  inventories, 
configure  machines, protect  local  data  and 
manage  remote  systems. 

“There  is  a  significant  trend  toward  con¬ 
solidating  systems  management  features 
into  fewer  tools,”  says  David  Friedlander,  a 
senior  analyst  with  Forrester  Research. 
“Customers  want  to  minimize  the  number 
of  agents  that  perform  overlapping  func¬ 
tions.” 

In  addition,  CA  introduced  Unicenter 
Patch  Management,  a  subscription  ser¬ 
vice  that  connects  customers  to  a  con¬ 
stantly  updated  patch  management  site 
where  CA  monitors,  validates,  research¬ 
es,  publishes  and  distributes  all  relevant 
patch  information.  Unicenter  Patch 
Management  works  with  CA  Asset  Man¬ 
agement,  Unicenter  Software  Delivery 
and  the  CA  Desktop  Management  Suite 
for  Windows. 
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CA  competes  with  Altiris  and  LANDesk  in 
the  area  of  client  systems  management.  CA 
Desktop  Management  Suite  for  Windows 
costs  $86,  and  volume  discounts  apply  A 
year’s  subscription  to  Unicenter  Patch 
Management  starts  at  $12  per  system,  and 
volume  discounts  apply. 

Dell  and  Altiris  last  week  jointly 
announced  a  product  from  Dell  that 
incorporates  Altiris’  systems  manage¬ 
ment  features.  Dell  OpenManage  Client 
Administrator  (OMCA)  3.0  integrates 
Dell’s  hardware  monitoring  features 
with  Altiris’  client  management  software 
so  customers  can  use  one  integrated 
tool  for  both  tasks. 

For  example,  Dell’s  monitoring  software 
reports  on  a  machine’s  basic  input/output 
system  (BIOS)  configuration,  intrusion  and 
access  to  the  chassis,  and  hardware  inven¬ 
tory  details.  Altiris’  software  monitors  the 
applications  and  operating  systems  run¬ 
ning  on  the  client  machine.  OMCA  3.0 
integrates  those  two  sets  of  collected  met¬ 
rics  into  one  interface,  repository  and  man¬ 
agement  console.The  software  uses  a  cen¬ 
tralized  management  console  and  distrib¬ 
uted  agents. 

Scott  Read,  network  systems  analyst 
for  the  state  of  Montana’s  Department  of 
Transportation  in  Helena,  doesn’t  use 
Dell’s  OMCA  3.0,  but  does  use  a  Dell 
application  that  snaps  into  his  Altiris 
systems  management  software  imple¬ 
mentation  to  combine  the  hardware 


and  software  metrics  into  one  systems 
management  tool. 

“Hardware  monitoring  had  always  been 
our  missing  link  with  Altiris.  We  had  been 
asking  the  company  for  a  way  to  integrate 
our  BIOS  information  into  their  software,” 
Read  says.  Altiris  told  Read  of  the  partner¬ 
ship,  and  he  promptly  downloaded  the 
Dell  plug-in  to  help  monitor  hardware  met¬ 
rics  on  some  2,100  desktops. 

Dell,  which  competes  with  HP  and  IBM  in 
hardware  monitoring  products,  is  address¬ 
ing  a  critical  customer  need. 

“Using  the  two  together  allows  us  to  mon¬ 
itor  BIOS,  fan  speeds,  disk  health,  system 
memory  and  chassis  intrusion  with  the 
robust  console  and  intricate  reporting 
mechanisms  in  Altiris,”  Read  says. 

OMCA  3.0  costs  about  $50  per  managed 
client.  Dell  clients  can  download  the  hard¬ 
ware-monitoring  application  for  free  from 
the  Dell  Web  site.  ■ 
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building  its  disaster  recovery  capabilities 
to  mesh  with  the  capabilities  of  Exchange 
12,  which  is  expected  to  ship  at  year-end. 

OneServer,  which  focuses  on  fortifying 
the  Exchange  message  store,  is  deployed 
within  a  corporation’s  network  but  is  man¬ 
aged  remotely  by  Azaleos. 

User  management  tasks,  such  as  pass¬ 
word  changes  and  message  store  limits,  are 
handled  by  corporate  administrators 
through  a  Web-based  administrative  con¬ 
sole.  OneServer  includes  Azaleos’  OneStop 
Subscription  Service,  which  does  round- 
the-clock  monitoring  along  with  maintain¬ 
ing  and  managing  the  appliance,  from 
hardware  to  patcf\  management  on 
Windows,  Exchange  and  OneServer’s  third- 
party  software. 

Azaleos  is  using  the  platform  to  monitor 
and  manage  mirroring  between  the 
FAS270  storage  devices  as  part  of  its  new 
disaster  recovery  architecture.“What  some 
disaster  recovery  services  offer  is  access  to 
your  e-mail  from  a  Web  browser,  but  what 
we  have  is  full-fidelity  access  via  Outlook 
that  includes  e-mail,  calendaring  and  con¬ 
tacts,”  says  Keith  McCall,  CTO  of  Azaleos. 
“One  of  the  benefits  you  have  there  is  that 
you  don’t  have  to  retrain  your  employees 
on  how  to  access  e-mail  during  a  disaster? 

Azaleos  OneServer  is  priced  at  $30,000 
and  supports  as  many  as  2,500  users. 
Network  Appliance’s  NetApps  FAS270  is 
priced  starting  at  $1 5,000.  ■ 

MESSAGING 

Subscribe  to  our  free  newsletter. 

DocFinder:1011  www.networkworid.com 


- 


_THE  INVASION 

_DAY  11:  These  commoditized  clones  have  taken  over. 
Haven’t  been  outside  in  days.  Living  off  instant 
coffee  and  a  tin  of  breath  mints.  :-( 

_DAY  12:  They’re  breeding.  Multiplying.  Multiple 
apps.  Multiple  databases.  They  must  have  a  queen. 

_Help. . .  me _ 


llllilllllllni 
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SPECIAL  FOCUS 


DATABASE  UPDATE 


XML  databases  gaining  acceptance 


BY  JOHN  COX 

The  surge  in  XML  data  —  and  in  Web  ser¬ 
vices  to  access  it  —  is  forcing  companies  to 
create  new  information  architectures  with 
XML  data  stores  as  the  key  component. 

Just  when  customers  expect  native  XML 
database  products  to  come  into  their  own, 
however,  those  products  are  facing  growing 
competition  from  traditional  database  ven¬ 
dors  such  as  Microsoft  and  IBM.  In  addition, 
Oracle  and  Sybase  are  working  to  persuade 
enterprise  IT  groups  to  adopt  these  next- 
generation  data  stores,  along  with  data 
management  and  application  develop¬ 
ment  tools,  as  the  building  blocks  of  a  new 
enterprise  information  architecture. 

The  use  of  an  XML  database  often  origi¬ 
nates  in  a  specific  project.  Command 
Financial  Press,  a  New  York  publisher  of 
financial  information,  uses  the  Ixiasoft 
XML  server  to  store  and  manage  content 
for  the  prospectuses  its  mutual  fund 
clients  —  each  of  whom  may  have  scores 
of  funds  —  publish  yearly  “Much  of  the 
data  is  unique,  but  a  lot  of  it  is  common 
to  all  of  a  client’s  funds,”  says  Will 
Montgomery,  director  of  project  manage¬ 
ment  with  Commands  IT  group. 

In  the  past,  customers  had  to  treat  each 
document  as  a  separate  entity  to  be  writ¬ 
ten,  proofread,  modified,  proofread  again 
and  so  on.  Even  boilerplate  wording  —  oth¬ 
erwise  identical  —  might  have  to  be 
changed  to  identify  each  fund  by  nameTIf 
the  customer  had  a  hundred  funds,  they 
had  to  make  a  hundred  separate  changes 
every  time,”  Montgomery  says. 

Now  a  client  logs  on  to  the  XML-based 
system  through  a  secure  Web  site  and 
works  with  the  documents  in  Microsoft 
Word  2003. The  XML  server  stores  all  text  as 
components,  which  it  assembles  into  fin¬ 
ished  documents  on  request.  Changes  are 
made  once,  then  replicated  through  related 
documents  as  needed. 

Command  Financial  is  evaluating  the 
idea  of  applying  this  same  XML  infrastruc¬ 
ture  to  the  unstructured  information  in 
shareholder  reports. 

Enterprise  XML  adoption 

In  a  recent  study  by  IDC  (see  graphic), 
about  29%  of  approximately  500  corporate 
IT  respondents  said  they  are  widely  using 
XML  content  repositories  and  databases. 
Almost  the  same  percentage  said  they  are 
exploring  such  use.  In  addition,  the  study 
found  wide  use  of  XML  technologies, 
including  editors,  XML-based  electronic 


forms  and  XML  schemas.  Each  technology 
is  widely  used  by  roughly  a  third  of  study 
respondents;  almost  exactly  the  same  per¬ 
centage  of  respondents  said  they  are  explor¬ 
ing  the  use  of  these  technologies.This  rising 
interest  has  been  one  factor  in  traditional 
database  vendors’  product  plans  and  in  the 
ambitions  of  native  XML-server  vendors. 

Microsoft  late  last  year  released  SQL 
Server  2005,  code-named  Yukon,  which  can 
store  and  process  XML  data  without  having 
to  convert  it  into  relational  rows  and 
columns  or  store  it  as  a  binary  large  object. 
Programmers  can  query  the  XML  data 
using  XML  Query  or  XQuery  a  language 
nearing  final  approval  by  the  World  Wide 
Web  Consortium  (W3C). 

IBM  is  beta-testing  DB2  Viper,  which  will 
be  able  to  store  traditional  relational  data 
and  XML  data  natively  Viper  is  due  out  later 
this  year.  IBM  officials  have  been  relating 
Viper’s  XML  data  management  strengths 
explicitly  to  the  requirements  of  service- 
oriented  architectures,  where  programs 
and  data  in  all  formats  can  be  categorized, 
found, accessed  and  used  via  standard  Web 
services  interfaces. 

The  W3C  is  in  the  last  stages  of  creating  a 
final  recommendation  for  XQuery  which 
will  create  a  standard  query  language  for 
accessing  and  processing  stored  XML  data. 
It  will  be  the  XML  equivalent  of  the  SQL  lan¬ 
guage  for  relational  databases  and  vastly 
simplify  programming  of  XML  applications. 

XML  is  increasing  the  common  represen¬ 
tation  for  a  growing  chunk  of  information 
that  is  unstructured:  documents, reports  and 
forms.“High-end  publishing  applications,  for 
things  like  technical  manuals  in  aerospace 
or  automotive,  have  been  using  XML  for  a 
while, ’’says  Rita  Knox, Gartner  vice  president 
of  the  high-performance  workplace  group. 
“But  now  it’s  starting  to  move  into  near 
areas,  such  as  banking.  A  common  [XML] 
representation  called  the  Extensible 
Business  Reporting  Language  is  being 
developed  in  banking,  for  sending  reports 
on  assets  and  loans  and  other  information 
to  [Federal  Deposit  Insurance  Corp.] .” 

What  can  I  do  with  it? 

The  key  question,  says  Melissa  Webster, 
program  director  for  content  technologies 
at  IDC,  is:  “What  do  you  do  with  this  [XML 
content]  in  terms  of  providing  content  ser- 
vices?”The  answer  is  driving  the  next  phase 
of  development,  she  says. 

In  general,  she  says,  native  XML  database 
products  and  the  emerging  XML  capabili¬ 


ties  in  traditional  databases  do  a  good  job 
with  the  basics:  scaling  to  handle  large 
stores,  good  performance,  managing  ver¬ 
sions  of  an  XML  document,  linking  pieces 
of  content  together. 

The  real  payoff,  Webster  says,  comes  in 
two  more-advanced  areas.  One  is  revising 
content  continually  in  a  way  that  marries, 
say  updates  or  revisions  to  a  technical  man¬ 
ual  with  annotations  and  notes  created  by 
engineers  using  it  in  the  field. Webster  calls 
this  configuration  management. 

The  second,  more  important  payoff  is 
linking  stored  XML  information  with  criti¬ 
cal  business  processes, such  as  handling  a 
mortgage  loan  or  making  a  repair  to  a  jet¬ 
liner.  You  could  start  with  aircraft  CAD 
engineering  drawings,  generate  from  them 
finished  technical  documentation  for 
engine-repair  mechanics,  then  link  a 
repair  ticket  to  a  specific  subset  of  instruc¬ 
tions  and  drawings,  and  feed  back  work- 
flow  milestones  into  the  repair  history  of 
the  engine  and  to  reports  that  are  gener¬ 
ated  for  the  manufacturer  and  the  Federal 
Aviation  Administration. 

“In  the  past,  technical  manuals  lived  in 
silos  separate  from  the  business  processes 
that  made  use  of  them,”  Webster  says. “The 
humans,  the  mechanics  in  this  case,  had  to 
be  the  go-betweens.  Intelligent  XML  con- 
tent-serving  lets  you  merge  these  together, 
business  processes  with  specific  content.” 

This  potential  is  fueling  the  ambitions  of 
vendors  of  native  XML  products.  Despite 
looming  competition  from  companies 
such  as  IBM,  Microsoft  and  Oracle,  investors 
are  backing  new  start-ups  such  as  Mark 
Logic,  a  San  Mateo,  Calif.,  company  that 
offers  an  XML  content  server. 

“If  XML  content  is  simply  data  that’s 
wrapped  in  XML,  there’s  no  reason  not  to 
use  Oracle  or  Microsoft,”  says  Max 
Schireson,  vice  president  of  customer  solu¬ 
tions  for  Mark  Logic. 

Intelligently  managing  text  and  other  con¬ 
tent  in  complex  documents  and  processes 
is  the  kind  of  problem  relational  databases 
don’t  handle  well,  however.  Publisher 
O’Reilly  Media  uses  the  Mark  Logic  server  to 
create  a  system  college  professors  can  use 
to  create  a  custom  reader  for  a  given 
course.  The  professors  can  do  complex 
searches  of  the  technical  content  from 
O’Reilly’s  vast  library  of  books  and  publica¬ 
tions,  stored  as  XML  documents.  They  add 
their  own  content  and  place  an  order  to 
have  these  selections  printed  on  demand, 
bound  and  shipped  to  their  office.  ■ 


/  have  control,  i  have  a  new  IBM  System  i5r. 


i  control  complexity.  The  one-of-a-kind  System  i5  is  server, 
storage,  software,  database,  and  security,  all  in  one. 

i  control  reliability.  The  System  i5  platform  helps  keep  you  up 
and  running  so  you  can  focus  on  your  business,  not  your  I.  T. 

i  control  flexibility.  This  uniquely  customizable  platform  lets 
you  run  multiple  operating  systems  ( Windows *  LinuxfAlX 5Lf 
and  i5/0S')  simultaneously. 


i  control  my  I.T.  destiny.  IBM  Systems  are  a  range  of  innovative 
servers  and  storage  -  like  the  System  i5  -  designed  to  make  your 
infrastructure  and  your  life  simpler. 


'  V 

IBM.COM/TAKEBACKCONTROL/i5 


•Requires  IXS  or  IXA  to  run  Windows.  Linux,  Microsoft  Windows  and  AIX  5L  operating  systems  must  be  purchased  separately.  IBM,  AIX  5L,  System  i5,  i5/OS,  and  Take  Back  Control  are  trademarks  or  registered  trademarks  of  International  Business 
Machines  Corporation  in  the  United  States  and/or  other  countries.  Linux  is  a  trademark  of  Linus  Torvalds  in  the  United  States,  other  countries,  or  both.  Microsoft  and  Windows  are  trademarks  of  Microsoft  Corporation  in  the  United  States,  other  countries, 
or  both.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2006  IBM  Corporation.  All  rights  reserved. 
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8  CARRIER  INFRASTRUCTURE 


EYE  ON  THE  CARRIER 

Johna  Till  Johnson 


In  the  telecom  marketplace,  it  seems  as 
though  the  only  constant  is  change. 
Given  the  mergers,  acquisitions  and 
steady  drumbeat  of  emerging  technolo¬ 
gies  and  trends,  nothing  stays  the  same 
for  long.  Last  year’s  frame  relay  service 
has  morphed  into  MPLS.  Last  year’s  voice 
VPN  is  changing  into  VoIPAnd  last  year’s 
carrier  has  a  new  name,  a  new  logo  — 
and  possibly  a  new  sales  rep. 

One  thing  that  hasn’t  changed,  though,  is 
the  core  set  of  principles  and  guidelines 
for  negotiating  effective  contracts.  As  I 
mentioned  last  week,  the  best  tool  IT  exec¬ 
utives  have  for  managing  all  this  change  is 
a  negotiation  strategy  that  increases  your 
leverage  over  providers. 

What  does  that  mean?  For  starters,  plan 
to  renegotiate  your  contracts  every  three 
years  or  so  —  with  the  right  to  change  car¬ 
riers.  Yes,  it’s  disruptive.  It’s  also  the  best 
way  to  ensure  your  service  stays  top-tier. 

Start  the  negotiation  process  by  issuing 
matrix  RFPs  (which  ask  carriers  to  bid  on  a 
range  of  services  across  a  range  of  geogra¬ 
phies).  Reach  out  to  the  broadest  group  of 


Short  Takes 


■  Former  Cisco  and  Nortel  executive 
Gary  Daichendt  has  resurfaced, 
nine  months  after  abruptly  leaving 
Nortel  three  months  after  he  was 
named  president  and  COO.  Daichendt 
has  joined  IPcelerate,  a  provider  of 
software  applications  for  voice  and 
data  convergence,  as  an  adviser  to 
the  board  and  company  executives. 
His  role  will  include  assisting  the 
board  of  directors  and  senior  man¬ 
agement  in  developing  strategy  and 
execution  of  the  company's  business 
plan.  Daichendt  and  ex-CTO  Gary 
Kunis,  another  former  Cisco  execu¬ 
tive,  left  Nortel  after  a  falling-out  with 
then-CEO  Bill  Owens.  Daichendt 
retired  from  Cisco  in  December  2000, 
where  he  was  executive  vice  presi¬ 
dent  of  worldwide  operations. 


Conducting 

telecom 

talks 

players  possible  —  when  in  doubt,  include 
them.  You'll  winnow  out  the  group  to  a 
shortlist  pretty  quickly 

Even  if  you  don’t  think  you’re  inter¬ 
ested,  ask  the  providers  to  bid  on  next- 
generation  technologies  such  as  MPLS 
and  VoIP  Why?  Providers  are  promoting 
the  shift  to  MPLS  and  VoIP  aggressively, 
because,  as  I’ve  noted  in  several  of  my 
columns,  it’s  good  for  them.  That  means 
prices  might  be  better  than  you  think. 

Engage  your  procurement  and  legal 
teams  early  and  keep  them  involved  in 
process  from  the  get-go.  You’ll  need  their 
help  in  crafting  service-level  agreements, 
escalation  clauses  and  technology  refresh 
clauses  with  teeth  —  meaning  that  if  the 
service  providers  fail  to  deliver,  you  can 
leave  the  contract  without  penalty 

I  realize  the  last  thing  an  overworked 
telecom  manager  wants  to  do  is  change 
providers,  particularly  as  the  result  of  an 
early  termination.  The  threat  of  switching 
doesn’t  sound  like  a  very  effective  club  to 
use  with  carriers,  but  keep  in  mind  that 
the  folks  who’ve  done  it  say  changing  ser¬ 
vice  providers  is  almost  always  much  eas¬ 
ier  and  less  painful  than  they’d  feared. 
Most  of  the  time, you  won’t  have  to  go  that 
far  —  by  simply  invoking  your  right-to- 
leave  contract,  you’ll  generally  get  the 
attention  and  focus  on  fixing  your  issues 
that  you’ve  wanted  all  along.  Of  course, 
this  is  only  true  if  you’ve  actually  got  those 
clauses  in  place  —  which  is  why  it’s  so 
important  to  build  them  in. 

Finally,  your  strategy  should  include 
awarding  your  business  to  multiple  play¬ 
ers  —  don’t  give  all  your  business  to  a  sin¬ 
gle  provider,  even  if  it’s  convenient.  The 
name  of  the  game  is  to  keep  your  options 
open.  Particularly  in  light  of  mergers 
between  the  former  incumbent  local 
exchange  carriers  and  interexchange  car¬ 
riers,  it’s  wise  to  nurture  relationships  with 
cable  companies  and  alternative  carriers, 
which  can  often  provide  alternatives  for 
local  access. 

Johnson  is  president  and  senior  founding 
partner  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


GENI  looks  to  conjure 
up  next-gen  network 


BY  DENISE  PAPPALARDO 

The  Global  Environment  for  Networking 
Innovations  is  still  in  the  planning  stages, 
but  the  next-generation  research  facility  is 
taking  significant  steps  toward  becoming 
a  reality. 

About  120  people  from  universities 
and  commercial  labs  around  the  coun¬ 
try  recently  gathered  at  a  town  hall 
meeting  in  Arlington,  Va.,  (www.nwdoc 
finder.com/2633)  to  discuss  the  concep¬ 
tual  design  of  GENI,  why  it’s  needed  and 
what  type  of  research  might  be  con¬ 
ducted  over  the  network. 

GENI  will  be  a  National  Science 
Foundation  (NSF)  experimental  facility 


GENI’s  scope 

Topics  to  be  researched  over  the 
experimental  network  include: 

•  Security _ 

» Wireless _ 

•  Optical  transport 

•  Sensors _ 

•  Embedded  systems _ 

•  Distributed  applications  and  services 

•  Network  management 


that  will  let  scientists  conduct  research  that 
goes  beyond  the  constraints  of  today’s 
Internet,  says  Larry  Peterson,  chair  of  the 
GENI  Planning  Group  and  professor  and 
chair  of  the  computer  science  department 
at  Princeton  University 

NSF  first  proposed  GENI  last  summer 
(www.nwdocfinder.com/2634).  GENI  re¬ 
searchers  will  not  be  looking  simply  for  “a 
new  version  of  IR  Peterson  says. 

A  facility  like  GENI  is  needed  for  many 
reasons,  he  says.  One  is  that  the  industry 
will  not  solve  the  problems  of  today’s 
Internet  because  “there’s  not  incentive”  to 
do  so.  Peterson  says  another  reason  is  that 
the  academic  community  views  any 
research  as  “risky”  that’s  not  backward- 
compatible  to  today’s  Internet. 

The  original  GENI  design  includes  a 
national  and  eventually  international 
fiber-optic  network  with  programmable 
routers,  clusters  at  the  edge  sites,  wireless 


subnets  and  peering  to  the  Internet  at 
MAE-East  and  MAE-West.  Peterson  says  this 
will  be  necessary  for  researchers  to  have 
access  to  the  vast  amount  of  content  on 
today’s  Internet. 

GENI  is  still  conceptual,  however.  It  is 
expected  to  take  five  to  seven  years  to 
build, and  a  construction  date  has  not  been 
set,  primarily  because  that  date  is  tied  to 
funding  that  needs  Congressional  approval 
and  is  still  one  to  two  years  off. 

Even  though  the  build  will  take  several 
years  to  complete,  Peterson  points  out 
research  could  get  started  within  the  first 
year  of  construction.“We  continue  to  proto¬ 
type  various  technologies  that  GENI  will 
leverage.  We  expect  these  prototypes  to  be 
sufficiently  advanced  to  give  users  some  of 
the  capabilities  very  early  in  the  construc¬ 
tion  phase,”  he  says. 

Peterson  also  talked  about  some  of  the 
requirements  of  GENI, which  include  archi¬ 
tectural  and  service  neutrality,  virtualiza¬ 
tion  and  real  users. 

The  group  also  is  putting  together  the 
GENI  Community  Consortium  (GCC), 
which  will  run  like  the  IETF  with  its  working 
groups.  The  GCC’s  working  groups,  which 
are  focusing  primarily  on  design  at  this 
point,  are  in  the  areas  of  research  coordi¬ 
nation,  facilities  architecture,  backbone  net¬ 
work,  wireless  subnet,  distributed  services 
and  education  and  outreach. 

One  of  the  prime  goals  of  GENI  is  to 
“change  the  nature  of  networked  and  dis¬ 
tributed  systems  design,”  Peterson  says. 

He  says  that  doesn’t  mean  the  current 
Internet  gets  tossed  out;  instead,  the 
group  hopes  to  design  a  future  Internet 
that’s  more  secure,  available,  manageable 
and  better  suited  for  computing  in  the 
next  decade. 

Other  well-known  experimental  networks 
such  as  lnternet2  are  expected  to  continue 
to  coexist  with  GENI. 

“Internet2  provides  great  value  to  the 
broader  scientific  communityT  Peterson 
says.  “It  has  been  used  to  deploy  new  ser¬ 
vices,  but  it  has  not  met  the  needs  of  the 
networking  research  community  This  is 
because  it  supports  real  users,  and  so  can¬ 
not  tolerate  the  disruptive  research  we 
want  to  do.  GENI  explicitly  tries  to  break 
this  dilemma  by  supporting  both  clean- 
slate  design  and  real  users."  ■ 
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“SUNG  RD  REHEARSED  SCENARIOS 


. 


WITH  US  A  COUPLE  OF  TIMES  A 


YEAR.  SO  WHEN  KATRINA  HIT, 


I  KNEW  OUR  DISASTER  RECOVERY 


PLAN  WOULD  WORK.” 


Harold  Aucoin,  COO 
Gilsbar,  Inc. 


When  it  comes  to  being 
prepared  for  unplanned  IT 
interruptions,  you  need  to 
know  your  systems  are  either  always 
available  or  can  be  quickly  recovered. 
That’s  where  SunGard’s  Information 
Availability  solutions  can  help.  We 
deliver  the  secure  data,  systems, 
networks  and  support  you  require  to 
help  your  business  stay  in  business. 
Because  your  employees,  suppliers 
and  customers  rely  on  you  to  be 
available  every  minute  of  every  day, 
you  need  continuous  access  to 
information  no  matter  what  —  you 
need  Information  Availability. 

For  over  25  years,  businesses  have 
turned  to  SunGard  to  restore  their 
systems  when  something  went 
wrong.  So,  it’s  not  surprising  that 
they  now  turn  to  us  to  give  them 
options  to  make  sure  they  never  go 
down  in  the  first  place.  Plus, 
SunGard  offers  solutions  that  let 
you  remain  in  control  of  your  IT 
environment  and  enjoy  the  flexibility 
required  to  adjust  to  the  changing 
needs  of  your  business. 


SunGard  has  a  wide  range  of  solutions  ranging  from  recovery  to  redundancy  that  address  your  enterprise-wide  requirements. 
Here  are  just  a  few  of  those  solutions: 

System  Recovery,  Mobile  Recovery,  Network  Recovery  and  End-User  Recovery  Services  help  you  get  back  up  quickly 
when  disaster  strikes.  And  when  combined  with  our  Server  Replication  and  Vaulting  for  Distributed  Systems  services, 
you  can  reduce  downtime  and  your  costs  by  25%*. 

Server  Replication.  If  your  server  is  unavailable,  for  whatever  reason,  you  can  have  a  fast  and  easy  recovery  of  your 
Microsoft®  Windows®-based  applications  from  the  replicated  servers  located  at  a  SunGard  facility.  When  your 
applications,  such  as  databases,  e-mail,  and  file  servers,  need  to  be  recovered  in  less  than  24  hours,  Server 
Replication  gives  you  data  center  redundancy  without  the  high  cost  of  building  your  own  secondary  facility. 


Vaulting  for  Distributed  Systems  provides  customers  with  an  automated  and  secure  process  for  critical  data  backup. 
Vaulted  data  is  available  for  easy  recovery  of  production  files.  The  logistics  and  time  needed  for  restoring  data  to 
backup  systems,  whether  for  testing  or  recovery,  are  greatly  improved. 


Your  job  is  to  keep  systems  and  applications  running.  Our 
mission  is  to  keep  people  and  information  connected.  Let’s  work 
together.  To  learn  more,  contact  us  at  1-800-468-7483  or  go  to 
www.availability.sungard.com/masteria  and  get  your  free  copy  of 
the  book  “Mastering  Information  Availability." 

*25%  figure  based  on  the  IDC  White  Paper,  “Ensuring  information  Availability:  Aligning  Customer 
Needs  with  an  Optimal  Investment  Strategy."  Actual  savings  may  vary  depending  on  services  selected. 


SUNGARD 

Availability  Services 


Keeping  People 
and  Information 
Connected "C 
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Redback  touting  low-end  edge  router 


BY  JIM  DUFFY 

Redback  Networks  last  week 
extended  its  edge-router  portfo¬ 
lio  with  a  low-end  version  de¬ 
signed  for  remote  central  offices 
and  small  points  of  presence. 


The  SmartEdge  100  Service 
Gateway  is  a  two  rack-unit 
form-factor  multiservice  broad¬ 
band  aggregation  platform  that 
combines  carrier-class  IP  routing 
with  subscriber-management 


capabilities.  It  is  intended  to 
enable  the  delivery  of  residen¬ 
tial  triple-play  broadband  ser¬ 
vices,  including  VoIP  real-time 
video  and  content  delivery,  and 
business  Ethernet  services,  such 


as  MPLS-  and  Virtual  Private  LAN 
Service-based  VPNs. 

SmartEdge  100  delivers  up  to 
12Gbps  of  throughput  with  8  mil¬ 
lion  packet/sec  of  performance.lt 
has  two  fixed  Gigabit  Ethernet 


ports  that  support  copper  or  fiber 
connections  and  two  FlexSlots 
that  support  modular,  subscriber¬ 
facing  Ethernet  media  interface 
cards  (MIC). 

The  supported  MICs  are  12-port 
100  FX  or  1 0/1 00  TX  Fast  Ethernet 
interface  cards. 

The  SmartEdge  100  addresses 
network  segments,  such  as  the 
access  layer,  where  fewer  sub¬ 
scribers  and  ports  are  required, 
Redback  says.  In  addition  to 
smaller  POPS  and  remote  central 
offices,  the  router  is  designed  for 
new  network  deployments,  such 
as  wireless  network  aggregation 
and  backhaul,  and  multitenant 
units,  such  as  university  dormi¬ 
tory,  hospitality  healthcare  and 
government  organizations. 

The  SmartEdge  100  includes  all 
of  the  modular  operating  system 
software  and  programmable  hard¬ 
ware  capabilities  of  the  higher-end 
SmartEdge  400  and  800  models, 
Redback  says.  It  performs  sub¬ 
scriber  management  for  as  many 
as  8,000  simultaneous  subscribers, 
with  traffic  management,  eight 
queues  of  Hierarchical  Quality  of 
Service  per  subscriber,  16,000  vir¬ 
tual  LANs  (VLAN)  and  multicast. 

Analysts  say  it  will  allow  service 
providers  to  extend  subscriber 
management  and  service  routing 
closer  to  the  user  without  having 
to  construct  a  separate  Ethernet 
aggregation  layer  to  keep  the 
costs  of  increasing  subscriber 
density  in  check.  Specifically  the 
SmartEdge  100  will  go  up  against 
other  fixed-configuration,  low- 
density  devices,  such  as  Cisco’s 
ME  6500  and  3400,  Alcatel’s  7250 
service  aggregation  system  and 
Riverstone’s  15100  and  15200 
aggregation  routers. 

Redback  has  experienced 
some  recent  success  in  carrier 
edge  routing.  It  has  a  significant 
contract  with  BellSouth  for  that 
carrier’s  next-generation  broad¬ 
band  buildout,  and  sales  grew 
36%  in  the  fourth  quarter  of  2005, 
according  to  Dell’Oro  Group.  Its 
revenue  market  share  almost 
doubled  in  2005,  from  3.6%  to 
6.4%,  according  to  Dell’Oro. 

SmartEdge  100  is  scheduled  to 
ship  in  the  second  quarter.  Pricing 
was  not  disclosed.  ■ 
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Leviton  makes  it  easy 


Easy  to  install.  Easy  to  integrate.  Easy  to  fit  into  almost  any  environment  including 
enterprise,  data  center,  and  service  provider  networks. 

What  makes  Leviton  fiber  optics  systems  so  easy  to  work  with  is  our  vast  selection 
of  advanced  products.  Like  custom-configured  Plug-n-Play  Fiber  for  rapid  deployment 
in  Data  Centers,  or  LightSpace™,  the  ideal  connectivity  solution  for  Central  Office  and 
Fiber-to-the  Premises  (FTTP)  networks. 

Whatever  fiber  optic  connectivity  you  need,  Leviton  has  the  solution.  Please  call 
800.722.2082  or  visit  www.levitonvoicedata.com  for  more  information. 


LEVITON'S  PLUG-N-PLAY  FIBER  SYSTEM 

Factory  terminated  in  minimum  time 

Enclosures  &  Adapter  Brackets 

Double  the  density  of  standard  systems 

MTP  Panels  &  Modules 

75%  reduced  installation  time 

Trunk  Cables,  Harnesses  &  Jumpers 
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Enterprise  Management  Associates... 

In  the  Business  of  Knowing. 

Security Compliance  and  Enterprise  Management:  Key  Domains  of  Convergence 

EMA  surveyed  100  compliance-sensitive  enterprises  to  find  out  which  security  and  compliance  management  tools  are  most  critical 
to  managing  the  enterprise... as  well  as  which  management  solutions  have  the  highest  value  in  assuring  security  and  compliance. 

Contact  EMA  for  your  copy  of  our  recent  Market  Research  Study  to  find  out  the  results  of  this  survey  and  the  drivers  behind  the 
trend  toward  integrating  security  and  compliance  with  IT  solutions  for  the  enterprise.  See  where  the  message  of  integrated  security 
matches  the  needs  of  your  business  -  and  see  where  your  peers  think  tomorrow’s  solutions  could  go  to  better  integrate  solutions 
that  secure  and  manage  compliant  IT.  Contact  Bruce  Lehman  at  303.543.9500  ext.  112  or  blehman@emausa.com. 
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Enterprise  Management  Associates  is  the  foremost  authority  in  all  aspects  of  Information 
Technology  Management.  Since  1 996,  EMA  has  provided  insights  and  advice  to  clients  to 
help  them  make  better-informed  decisions.  EMA  is  viewed  by  clients  as  an  extension  of  their 
organization;  providing  in-depth  expert  guidance  and  competitive  market  intelligence. 

For  more  information  regarding  EMA’s  portfolio  of  services  log-on  to  www.emausa.com 
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Find  tools  and  guidance  to  defend  your  network  at  microsoft.com/security 


Free  Security  Training:  Help  secure  your  network  with  security 
webcasts  and  in-depth,  online  courses.  Register  now  for  free 
security  management  training,  including  upcoming  Security 
Summits  in  one  of  five  major  cities. 


Antivirus  for  Exchange:  Download  a  free  trial  of  Antigen  for 
Exchange  and  arm  your  e-mail  server  with  powerful  multi-engine 
protection  from  viruses,  worms,  and  inappropriate  content. 


Microsoft  Security  Assessment  Tool:  Complete  this 
free,  online  self-assessment  to  evaluate  your  organization's 
security  practices  and  identify  areas  for  improvement. 


►  Free  Tools  and  Updates:  Streamline  patch  management  with 
automated  tools  like  Windows  Server  Update  Services.  And 
verify  that  your  systems  are  configured  for  maximized  security 
with  Microsoft  Baseline  Security  Analyzer. 
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Mobile  workers  tap  unified  messaging 

Underachieving  technology  is  getting  a  second  chance  as  telework  booms. 


BY  ANN  BEDNARZ 

Aging  voice  mail  systems, increasing  inter¬ 
est  in  IP  telephony  and  a  surge  in  the  mo¬ 
bile  workforce  are  driving  companies  to 
consider  unified  messaging  —  a  technol¬ 
ogy  that  has  fallen  short  of  expectations  for 
a  long  time. 

Unified  messaging  products  are  designed 
to  streamline  the  way  users  manage  their 
phone,  fax  and  e-mail  messages.  With  uni¬ 
fied  messaging,  users  can  open,  sort  and 
archive  voice  mail  messages  from  their 
email  interfaces,  for  example,  or  listen  to 
email  messages  from  telephones. 

Products  have  been  available  for  more 
than  a  decade,  but  adoption  of  unified 
messaging  technology  has  been  slow. 
That’s  starting  to  change,  particularly  as 
more  employees  spend  more  time  work¬ 
ing  away  from  the  office,  either  on  the 
road  or  from  home. 

Companies  are  looking  for  tools  to  make 
the  mobile  population  more  productive, says 
Brad  Herrington,  product  marketing  man¬ 
ager  at  Unified  Communications.“There  are 


■  Forty-three  percent  of  U.S.  gov¬ 
ernment  employees  sometimes 


telecommute  instead  of  driving  into 
the  office,  up  from  19%  a  year  ago, 
according  to  a  recent  survey  by  gov¬ 
ernment-focused  IT  vendor  CDW 
Government.  In  the  study,  28%  of  fed¬ 
eral  IT  workers  surveyed  said  they 
believe  that  their  agencies  provide  IT 
support  to  all  eligible  teleworkers,  up 
from  just  5%  of  respondents  in  2005. 
The  survey  of  542  U.S.  government 
workers  and  235  federal  IT  profes¬ 
sionals  found  that  federal  employees 
with  the  option  to  telecommute  are 
happier  with  their  jobs.  Ninety-one 
percent  of  those  with  the  option  were 
very  satisfied  or  satisfied  with  their 
jobs,  compared  with  80%  of  those 
who  did  not  have  the  option.  Eighty- 
four  percent  of  federal  government 
employees  would  telecommute  if 
given  the  option,  the  survey  said. 


a  lot  of  things  people  can  do  with  a  Black- 
Berry  or  Fbcket  PC.They  can  get  their  e-mail 
and  chat.  But  they  still  have  to  call  in  some¬ 
where  to  retrieve  their  voice  mails." 

With  unified  messaging,  a  user  can  be 
alerted  when  a  new  voice  mail  message  is 
left  on  a  company  extension,  then  access 
the  message  in  WAV  file  format  and  play  it 
on  a  handheld  device,  Herrington  says. 

In  the  past,  it  was  tough  to  justify  a  uni¬ 
fied  messaging  rollout  based  solely  on  the 
convenience  of  such  features.  But  as  cor¬ 
porate  voice  mail  systems  reach  retire¬ 
ment  age,  companies  have  the  rationale 
they  need  to  consider  unified  messaging- 
enabled  replacements. 

Cost  justification 

Many  corporate  voice  mail  systems  are 
getting  old,  and  vendors  are  announcing 
plans  to  cease  development  and  stop  pro¬ 
viding  support  for  a  lot  of  legacy  gear,  says 
Krithi  Rao,  a  research  analyst  at  Frost  & 
Sullivan.  First-generation  voice  mail  sys¬ 
tems  from  vendors  such  as  Octel,  Centi¬ 
gram  and  Digital  Sound  are  dead  or  on 
their  last  legs. 

As  replacement  becomes  unavoidable,  IT 
buyers  are  considering  unified  messaging 
products  from  major  vendors  such  as 
Avaya,  Cisco  and  Nortel,  as  well  as  smaller 
specialists  such  as  Active  Voice,  Adorno, 
AVST  and  Unified  Communications. 

The  proof  is  in  the  numbers.  After  ane¬ 
mic  growth  in  2003,  the  market  for  unified 
messaging  products  is  starting  to  take  off. 
Vendors  reported  an  average  12%  revenue 
growth  in  2004  —  a  big  increase  over  the 
4%  reported  in  2003  and  a  huge  gain  for  a 
mature  market,  according  to  IDC.Last  year 
the  market  grew  an  additional  9.9%  to 
$362  million,  and  IDC  expects  it  to  in¬ 
crease  by  9%  this  year. 

Microsoft’s  renewed  focus  on  unified 
messaging  is  another  indication  of  how 
hot  the  market  is  getting.  The  company 
plans  to  include  a  unified  messaging  com¬ 
ponent  in  Exchange  12,  which  is  due  out 
by  early  2007. 

The  right  fit 

For  companies  interested  in  unified  mes¬ 
saging,  an  important  factor  to  consider  is 
architecture.  Not  all  platforms  work  the 
same.Some  store  different  message  types  in 
a  single  repository,  and  others  provide  a  sin¬ 


Time  lor  unified  messaging 

After  a  decade  of  largely  unfulfilled 

expectations,  unified  messaging  is 

getting  renewed  attention  from 

small  and  midsize  IT  buyers. 

Opportunities 

•  Increases  employee  productivity  by  streamlining 
message  handling. 

•  Can  be  wrapped  into  a  larger  effort  to  provide 
unified  communications,  including  conferencing 
and  collaboration  technologies. 

•  Can  serve  as  a  stepping  stone  to  deploying  more 
complex  IP  telephony  technologies. 

Challenges 

•  Can  be  difficult  to  justify  an  ROI  based  on 
employee  productivity  gains. 

•  Requires  integration  with  a  number  of  systems, 
including  PBX,  e-mail,  and  directory  server. 

•  Users  need  to  be  trained  in  new  features  and 
nuances  of  managing  and  archiving  messages 
via  e-mail. 


gle  access  layer  but  use  separate  message 
stores  for  each  message  type. 

Companies  need  to  evaluate  the  architec¬ 
ture  carefully  that  makes  the  most  sense  for 
them,  Rao  says.  In  some  cases  it,  may  be 
desirable  from  a  record-keeping  perspec¬ 
tive  to  store  related  voice  mail  and  e-mail 
messages  together.  In  addition,  having  only 
one  message  repository  to  administer  and 
manage  may  appeal  to  some  companies. 

On  the  other  hand,  some  companies  view 
a  single  message  store  for  voice  mail  and 
e-mail  messages  a  liability  “If  their  e-mail 
goes  down,  they  don’t  want  their  voice  mail 
going  down  at  the  same  time,”  Rao  says. 

Integration,  too,  is  no  small  matter.  Unified 
messaging  products  often  are  tied  to  a 
number  of  existing  enterprise  systems. 
When  University  of  California  at  Berkeley 
went  live  with  Unified  Communications’ 
Communite  software  last  fall,  it  integrated 
the  system  to  its  e-mail  systems,  Centrex 
and  Nortel  PBX  gear,  iPlanet  Lightweight 
Directory  Access  Protocol  (LDAP)  direc¬ 
tory  and  Kerberos  security  system. 

For  companies  wanting  an  all-in-one 
package,  there  are  unified  messaging  ven¬ 
dors  that  will  bundle  items  such  as  a 


directory  server, storage  and  security  func¬ 
tions  with  the  messaging  features  to  cre¬ 
ate  a  stand-alone  system.  But  UC  Berkeley 
wanted  to  make  use  of  its  existing  sys¬ 
tems,  including  the  campus  LDAP  direc¬ 
tory  and  storage-area  network  (SAN), says 
Terri  Kouba,  a  systems  developer  at  the 
university 

This  made  the  implementation  more 
complex,  but  ongoing  management  easier. 
“In  my  unit,  which  is  communication  and 
network  services,  we  can  have  the  expertise 
in  the  ISDN  piece  of  it  and  the  voice  net¬ 
work,  but  we  don’t  have  to  know  LDARand 
we  don’t  have  to  have  a  SAN  expert.  We  can 
utilize  the  expertise  that  already  exists  on 
campus,”  Kouba  says. 

Companies  also  should  consider  their 
long-term  plans  for  IP  telephony  when 
choosing  a  unified  messaging  platform,  ex¬ 
perts  say  IP  isn’t  a  prerequisite  for  unified 
messaging  —  companies  can  deploy  a  uni¬ 
fied  messaging  suite  alongside  a  conven¬ 
tional  TDM  phone  switch,  which  UC 
Berkeley  did. 

But  IP  and  Session  Initiation  Protocol 
technologies  are  forcing  companies  to  re¬ 
consider  their  infrastructure,  Rao  says.  As 
they  do  so,  it  makes  sense  to  consider  voice 
mail  replacements  that  offer  unified  mes¬ 
saging  capabilities  and  can  take  advantage 
of  interactivity  among  phone,  e-mail  and 
instant  messaging  applications. 

Lately  vendors  have' been  tweaking  their 
unified  messaging  products  to  minimize 
disruptions  during  rollouts. 

For  example,  by  incorporating  com¬ 
mands  that  are  familiar  to  users,  such  as 
“delete,”  “move”  and  “forward”  for  manag¬ 
ing  voice  mail  messages  via  an  e-mail 
interface,  vendors  can  lessen  the  user 
training  requirement.“Users  are  able  to  use 
the  same  controls,  same  interface,  same 
commands.  Everything  they  do  with  e-mail 
they  can  now  do  with  voice  messages  as 
well,”  Rao  says. 

It’s  important  to  evaluate  what  level  of 
access  to  give  to  each  user,  Rao  says.  Not 
every  employee  needs  all  the  features 
available  in  a  unified  messaging  platform, 
and  companies  can  save  money  by  judi¬ 
ciously  doling  out  access  to  employee  seg- 
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Savings  That  Will 
Get  Small  Businesses 
Talking! 

Introducing  the  Linksys  Voice  System  9000,  a  fully-featured  multi-line  Internet 
phone  system  perfect  for  small  businesses  everywhere!  It's  inexpensive  to  buy  and 
easy  to  install,  costing  35%  less  than  conventional  key  systems.  You'll  also  save 
money  on  your  monthly  phone  bill  by  using  Voice  over  IP  for  your  telephone  calls. 


•  Auto-attendant  and  music  or  message  on  hold 

•  Advanced  PBX  features  like  call  transfer,  call  parking,  intercom 
paging,  multi-line  conference  calls,  hunting,  shared  lines, 

call  forwarding,  and  more 

•  Add  up  to  1 6  phones  as  your  business  grows 


For  more  information  on  the  new  Linksys  Voice  System, 

visit  www.iinksys.com,  or  call  1-800-LINKSYS. 


Linksys  Voice  System  Components 


•  SPA901  with  1  extension 


•  SPA921 ,  SPA922  with  1  extension  and  display 

•  SPA941 ,  SPA942  with  2  or  4  extensions 

and  display 


Internet  Telephony  Service  Providers 
supporting  the  Linksys  Voice  System  include: 


mPHoncx 


©0C6  VoicePulsl^ 

,  |  Broadband  Phono  Sorvico 


Technologies,  Inc 


•Infonetics  2004.  Linksys  is  a  registered  trademark  or  trademark  of  Cisco  Systems,  Inc.  and/or  its  affiliates  in  the  U.S.  and  certain  other  countries. 
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TECHNOLOGY  UPDATE 

■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 

Federated  database  manages  change 


HOW  IT  WORKS:  Federated  configuration  management 

database  (FCMDB) 

An  FCMDB  pulls  relevant  information  from  various  databases  to  show  changes 
to  a  network  and  troubleshoot  problems. 

Federated  configuration 

management  database 

<- 


Advanced  cabling  management 
software  provides  location 
information  for  workstations 
with  acceptable  connection 
criteria. 


Facilities 
management 
database  provides 
power  grid  location 
information. 


Network  management 
database  supplies 
computer  access,  activity, 
switch  port  VLAN,  alarms 
and  UPS  alarm  information. 


User  management 
database  supplies 
pertinent  user 
account  information. 


Q  A  user  reports  a  power  outage  in  his  cubicle. 

El  Help  desk  personnel  opens  a  dictionary  or  other  view  supplied  by  the  FCMDB. 
B  The  FCMDB  pulls  pertinent  information  from  other  databases. 


BY  JOHN  NIELSEN 

A  configuration-management  database 
serves  as  a  central  repository  of  informa¬ 
tion  that  documents  changes  to  a  network. 
However,  some  organizations  try  to  track 
too  many  things  in  one  place.  When  that 
happens,  IT  is  less  likely  to  use  the  database, 
which  minimizes  the  effectiveness  of  a 
change-management  program. 

One  alternative  is  a  federated  configura¬ 
tion  management  database  (FCMDB),  in 
which  configuration  data  is  segmented  by 
type.  When  needed,  relevant  information  is 
pulled  out  of  each  segment  to  provide  a 
big-picture  view  of  whatever  issue  is  being 
addressed.  This  approach  eases  data  entry 
and  lets  data  be  accessed  as  needed  from 
any  of  the  databases. 

Minimum  requirements 

While  there  are  any  number  of  databases 
that  can  be  included  in  an  FCMDB,  at  the 
minimum  it  should  include  network  man¬ 
agement,  user  management,  facilities  man¬ 
agement  and  advanced  cable  manage¬ 
ment  software  (ACMS).  These  databases 
cover  most  of  the  core  areas  where  prob¬ 
lems  and  changes  occur. 

The  first  three  are  obvious  —  most  orga¬ 
nizations  have  network-,  user-  and  facilities- 
management  applications  in  place  in  some 


Got  great  ideas? 


■  Network  World  's  looking  for  great  ideas 
for  future  Tech  Updates.  If  you've  got  one, 
and  want  to  contribute  it  to  a  future  issue, 
contact  Senior  Managing  Editor,  Features  Amy 

Schurr  (aschurr@nww.com). 


form.The  ACMS,  however,  is  a  relatively  new 
technology  that  complements  the  others. 
For  example,  network  management  data¬ 
bases  will  tell  you  to  what  switch  port  a 
device  is  connected,  but  that’s  all.  By  inte¬ 
grating  it  with  an  ACMS  package  through  an 
FCMDB, you  can  also  track  that  device’s  pre¬ 
vious  and  current  connection  paths,  as  well 
as  design  future  paths  from  switch  port  to 
patch  panel  to  wall  jack. 

How  it  works 

Here’s  how  an  FCMDB  would  work.  Say  a 
user  contacts  a  help  desk  to  report  that 
there  is  no  power  in  his  cubicle,  as  well  as 
in  several  others  in  his  workgroup.  Others  in 
the  area  have  power,  but  no  network  con¬ 
nectivity  Still  others  appear  to  have  network 
connectivity  but  are  on  different  virtual 
LANs  (VLAN).  The  help  desk  forwards  the 
trouble  ticket  to  the  IT  group.  By  having  an 
FCMDB,  IT  can: 

•  Browse  to  the  affected  cubicles  using 
the  facilities-management  database. 

•  Use  the  network  management  database 
to  view  UPS  information,  in  which  it  might 
see  that  there  was  a  momentary  brownout 
the  previous  night  and  some  circuit  break¬ 
ers  were  tripped. 

•  See  on  the  network  management  data¬ 
base  that  the  switch  is  reporting  an  error 
and  several  ports  have  an  alarm. 

•  Confirm  with  the  network  management 
database  that  night  users  for  this  group 
logged  on  to  different  workstations  and 
were  able  to  work;  because  of  this,  they  did 
not  alert  the  on-call  IT  personnel  to  the 
problem. 

•  Locate  the  workstations  the  night  users 
logged  on  to  using  network  management 
database  and  ACMS. 


•  Direct  the  user  who  made  the  call  and 
others  in  his  workgroup  to  operational 
workstations  until  the  problem  is  fixed. 

Three  key  advantages 

By  using  an  FCMDB  rather  than  an  ad  hoc 
change-management  system,  an  IT  employ¬ 
ee  has  the  data  needed  to  track  the  source 
of  a  problem  and  determine  the  scope. 
Segmented  data  makes  it  easier  to  pull  up 
only  what  is  relevant  to  a  problem,  and  an 
administrator  is  able  to  find  a  solution  more 
quickly  Even  small  changes  to  an  infra¬ 
structure  can  have  a  cascading  effect  that 


leads  to  downtime  and  lost  productivity 

When  you  consider  that  taking  even  an 
hour  to  determine  the  cause  of  a  problem 
is  now  unacceptable  in  many  industries, 
the  old  methods  of  change  management 
are  no  longer  sufficient.  An  FCMDB  assures 
that  information  on  changes  to  a  network  is 
documented  and  easily  accessible, expedit¬ 
ing  problem  resolution  today  while  also 
providing  a  basis  for  more  intelligent 
planned  changes  in  the  future. 

Nielsen  is  a  systems  engineer  at  iTRACS. 
He  can  be  reached  at  jnielsen@itracs.com. 


Ask  Dr.  Internet  By  Steve  Blass 


What  would  be  a  more  secure  way  to  provide 
remote  access  to  internal  intranet  resources 
—  an  SSL  VPN  or  Windows  Remote  Desktop? 

The  protocol-level  security  of  the  SSL  VPN  is  roughly 
the  same  as  Remote  Desktop's  security.  Both  are  sus¬ 
ceptible  to  the  same  kinds  of  man-in-the-middle  eaves¬ 
dropping  attacks,  and  the  same  downloadable  tool  kits 
are  capable  of  compromising  both  connections.  The 


most  secure  choice  is  the  one  you  can  best  monitor  and 
manage  over  time.  SSL  VPNs  typically  require  the  instal¬ 
lation  of  a  third-party  VPN  client  software  package, 
while  the  Remote  Desktop  access  client  is  part  of 
Windows  XP.  If  your  users  are  all  using  XP,  and  their 
needs  can  be  met  by  providing  remote  access  to  a 
workplace  desktop,  this  may  simplify  administration, 
compared  with  rolling  out  and  maintaining  an  SSL  VPN. 

But  if  you  want  to  provide  access  to  a  limited  set  of 


internal  resources  to  a  more  tightly  controlled  group  of 
users,  then  an  SSL  VPN  system  could  be  a  better  fit  for 
policy  and  implementation  requirements.  The  key  is  to  be 
able  to  monitor  and  track  activity  in  the  network,  in 
order  to  identify  inappropriate  usage  patterns,  as  well  as 
react  and  control  the  network  enough. 

Blass,  a  network  architect  at  Change@Work  in  Houston, 
can  be  reached  at  dr.internet@changeatwork.com. 
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Useful  U3  applications 


For  the  last  two  weeks  we  have 
been  discussing  U3  flash  drives,  an 
emerging  standard  for  control 
ling  and  managing  “portable” 
applications  (see  www.nwdoc 
finder.com/2629  and  /2630). 

As  discussed  last  week,  U3  applica¬ 
tions  are  Windows  applications  im¬ 
plemented  at  one  of  three  levels: 
U3LP  U3LP+  or  U3A. 

U3LP  applications  are  installed  on 
a  U3  device  along  with  their  configu¬ 
ration  data,  user  preferences  and 
associated  files,  while  U3LP+  applications  also  come  bun¬ 
dled  with  and  use  the  U3  Device  API  (DAPI)  Dynamic  Link 
Library  (DLL).  U3A  applications  are  host-based:  The  pro¬ 
grams  are  installed  on  a  host  PC  and  use  the  U3  DAPI  DLL 
to  detect  and  communicate  with  U3  thumb  drives  when 
they  are  inserted  into  the  host. 

You  will  want  to  add  programs  to  a  U3  drive, and  the  place 
to  go  is  http://software.u3.com.The  U3  download  site  pro¬ 
vides  freeware  and  commercial  programs.  The  freeware 
offerings  include  products  such  as  Mozilla  Firefox,  Skype 
and  OpenOffice,  while  commercial  products  include 
Roboform’s  Pass2Go  and  the  Fbrtable  Edition  of  ThinkFree 
Office  3. 

Some  commercial  products  on  the  site, such  as  ThinkFree 
Office,  are  not  linked  directly  to  the  vendor’s  site  but  to  a 
download  of  a  trial  version.  This  kind  of  quasi  bait-and- 


switch  selling  is  ridiculous. 

Anyway,  there  are  lots  of  U3-compliant  applications  avail¬ 
able  on  the  site,  although  none  explicitly  states  its  level  of 
compliance. 

We  have  used  a  few  of  these  applications  and  have  been 
impressed.  For  example,  we’ve  used  Roboform’s  Pass2Go 
(www.nwdocfinder.com/2631),  and  we  discussed  Robo- 
form  last  year  (www.nwdocfinder.com/2632). 

For  low-input  and  -output 
applications,  U3  technology 
is  fine. 

When  launched  from  a  U3  drive,  Phss2Go  will  provide  all 
of  the  site-logon  and  password-capture  functions  that  the 
standard  Roboform  provides  but  use  the  site  logon  data 
stored  on  the  U3  drive.  If  Roboform  is  installed  on  a  PC, 
Pass2Go  will  take  over,  substituting  the  U3-stored  site  logon 
data  for  the  host-based  logon  data. 

Another  U3  application  we  tried  is  the  beta  version  of 
Accomplice  (www.accomplice.com),  which  aims  to  fill  a 
gap  in  the  personal-organizer  market,  at  least  as  far  as 
Microsoft  Outlook  is  concerned. 

This  is  a  good  thing,  as  Outlook’s  Tasks  feature  is  wimpy 
and  not  well  suited  to  managing  tasks  for  a  team  unless  you 
are  using  Exchange  (which  introduces  another  problem). 
The  problem  for  most  people  is  that  the  next  step  up,  a  full¬ 
blown  project-management  system,  is  overkill.  Accomplice 


aims  to  fill  that  gap  as  well  as  address  the  challenges  of  team 
task  coordination  and  integration  with  Outlook. 

Accomplice  can  be  run  as  a  regular  Windows  application 
or,  in  its  U3  incarnation,  launched  from  a  U3  drive. 

Accomplice’s  activities  (we  think  it  would  have  been  bet¬ 
ter  to  stick  with  the  term  “tasks”)  include  a  description,  an 
importance  assignment,  due  date,  status  and  next  steps  (a 
freeform  text  field  where  you  can  log  anything  pertaining 
to  the  progress  of  an  activity). 

You  can  synchronize  Accomplice  with  Outlook  Tasks  and 
Contacts  items,  and  import  activities  from  a  spreadsheet. 
Accomplice  also  provides  a  pop-up  toolbar  that  appears,  by 
default,  at  the  top  of  the  screen  in  much  the  same  style  as 
the  Wndows  Start  bar.  In  its  U3  form,  Accomplice  stores  all 
of  its  settings  and  task  data  on  the  U3  drive. 

In  its  current  beta  version  Accomplice  looks  very  good 
and  potentially  is  a  cost-effective  alternative  to  group  task 
management  with  Outlook  minus  Exchange.  Interestingly 
Accomplice  looks  like  a  tool  that  could  effectively  support 
the  Get  Things  Done  philosophy  (see  www.davidco.com). 

What  these  U3  applications  demonstrate  is  that  for  low- 
input  and  -output  applications,  U3  technology  is  fine.  While 
application  loading  is  noticeably  slow,  as  long  as  the  appli¬ 
cation’s  reading  and  writing  to  the  U3  drive  is  what  we  shall 
term  “casual,”  operational  performance  will  be  adequate. 

In  short,  there  is  a  lot  to  recommend  U3  applications. 

Store  your  thoughts  at  gearhead@gibbs.com  or  on 
Gibbsblog. 


GEARHEAD 
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CoolTools 

Quick  takes  on  high-tech  toys.  Keith  Shaw 


What  happens  when  I  receive  a  product  that  doesn’t  work  as 
4  advertised?  Because  this  is  the  Cool  Tools  column,  1  feel  it’s  an  oxy¬ 
moron  to  give  out  a  one-star  review.  If  a  product  makes  the  column, 
it  is  usually  cool  enough  to  be  mentioned.  But  sometimes  there  are  products  and 
companies  that  are  cool  in  concept  but  come  up  short. 

The  scoop:  Soldiusl  Universal  Power  Charger, about  $1 10,  from  mysoldius.com. 

What  it  is:  The  Soldiusl  is  a  small,  85-gram,  solar-powered  charging  device  that 

comes  with  several  electronic  device 
adapters.  Connected  to  a  device  such  as 
an  iPod  or  a  mobile  phone,  the  Soldiusl 
can  harness  the  sun’s  energy  and 
help  recharge  the  device. 

Why  it’s  cool:  The  idea  is  great 
—  mobile  travelers  who  forget 
to  pack  their  normal  power 
charger  or  hikers  who  have  no 
access  to  electricity  and  want  a  quick 
recharge  can  connect  the  device  and 
use  the  power  of  the  sun  to  get  up  and 
running  again. 

What  went  wrong:  Unfortunately,  the 
Soldiusl  relies  on  the  sun.  It  is  great  if 
you’re  in  Tempe  or  Tampa,  but  if  you  live 
in  Seattle  or  Syracuse  (or  even  Southborough,  Mass.), sunny  days  are  a  crapshoot. 
Even  when  I  had  some  sunshine,  the  recharging  speed  of  the  device  left  me  baffled 
—  the  company  promises  a  full  recharge  in  two  to  three  hours, something  that  in 
my  best  attempts  1  couldn’t  accomplish.!  would  have  preferred  a  device  that  stores 


The  solar  Soldiusl  Universal  Power 
Charger  left  us  in  the  dark. 


solar  energy  and  saves  it  in  an  internal  battery  then  when  I  needed  a  quick 
recharge  I  could  connect  my  device,  instead  of  waiting  for  the  sun  to  appear. 

Grade:  ★★  (out  of  five) 

The  scoop:  Project-a-Phone,  about  $200,  from  Project-a-Phone 

What  it  is:  The  Project-a-Phone  lets  you  mount  a  mobile  phone  or  other  mobile 
device  on  it  and  project  the  image  from  the  device’s  screen  into  software  on  a  PC. 
The  Project-a-Phone  connects  to  a  PC  via  USB  cable,  and  there’s  a 
minicamera  that  captures  the  image  from  the  screen  and  pro¬ 
jects  it  to  the  computer. 

Why  it’s  cool:  Sales  staff  who  need  to  show  a  presentation 
or  content  on  their  smartphones  or  mobile  devices  can 
make  the  image  larger  so  clients  don’t  have  to 
crowd  around  a  tiny  screen.  Instead  of  carrying 
around  a  mobile  projector,  employees  in 
theory  could  use  the  Project-a-Phone  and  dis¬ 
play  the  contents  on  a  notebook  screen. 

What  went  wrong:  Because  the  Project-a- 
Phone  needs  to  accommodate  several  devices, 
mounting  it  became  an  exercise  in  turning  screws 
and  a  lot  of  trial  and  error  before  the  display  showed 
up  correctly  After  positioning  the  screen  correctly,  I 
found  the  light  coming  from  the  phone  was  so  bright 
it  washed  out  the  image  on  my  PC  screen  (even  turn¬ 
ing  down  the  power  of  the  screen  on  the  phones 
didn’t  improve  things  much).  I  also  had  to  focus  the 

lens  on  the  camera  manually  to  get  a  clearer  image.  To  be  fair,  1  was  using  an  early 
model,  and  the  company  says  updated  versions  are  on  the  way. 

Grade:  ★★ 

Shaw  can  be  reached  at  kshaw@nww.com. 


The  Project-a-Phone  washed 
out  the  images  from  our  cell 
phones. 
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When  information 
comes  together, 

Toyota  can  build  a 
faster  car  in  two  weeks 
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Searching  for 
system  errors 

Search  tools  have  simplified  our  lives  in  many  ways, so 
why  not  network  management?  So  reason  the  founders 
of  Splunk,  a  start-up  that  has  released  a  search  product 
to  make  sense  of  logs  and  other  types  of  event  information 
generated  by  systems  as  they  go  about  their  business. 

Michael  Baum,  founder  and  chief  executive  splunker  (yes, 
it  says  that  on  his  card), says  troubleshooting  individual 
boxes  is  not  hard.The  fun  begins  when  you  assemble  multi¬ 
ple  components  into  a  system.  No  single  vendor,  developer, 
architect  or  administrator  owns  the  problems  that  crop  up, 
which  usually  stem  from  operator  error,  configuration  errors, 
or  integration  and  dependency  problems. 

“So  customers  approach  it  the  old-fashioned  way”  he  says, 
“with  picks  and  shovels.’To  find  out  which  of  the  many 
things  that  could  go  wrong  did  go  wrong, you  start  digging. 

One  alternative  is  the  autonomic  self-healing  approach 
advocated  by  IBM.  Baum  argues  that  although  this  approach 
might  be  feasible  with  stand-alone  boxes,  it  is  impossible  at 
the  complex  systems  level.'Automation  is  great,  but  it  adds 
complexity  he  says.“Are  you  really  increasing  mean  time 
between  failures  enough  to  cover  the  mean  time  to  recover 
after  a  failure  in  these  complex  environments?” 

Splunk  sides  with  the  experts  who  are  exploring  recovery- 
oriented  computing.They  assume  systems  are  complex  and 
failures  are  inevitable,  so  therefore  it  is  a  matter  of  how  fast 
you  can  recover. 

Enter  Splunk’s  search  tool,  which  is  all  about  fast  recovery 
A  typical  application  server,  database  or  Web  server  can 
generate  100MB  of  event  data  per  day,  Baum  says.“And  when 
something  goes  wrong,  we  ask  people  to  make  sense  of  it 
all.” With  Splunk’s  search  product,  every  event  builds  a  finger¬ 
print  based  on  its  syntax  and  grammatical  structure.The 
results  are  then  organized  into  buckets,  indexed  by  time  and 
analyzed  for  relationships.That  helps  troubleshooters  quickly 
round  up  pertinent  information  from  a  range  of  resources 
and  sift  through  the  errors  to  find  unique  causal  events. 

Why  not  just  use  a  Google-like  search  tool?  It’s  a  much  dif¬ 
ferent  problem,  Baum  says.  Log  data  changes  every  millisec¬ 
ond  and  all  log  data  is  different, so  it’s  not  like  searching  doc¬ 
uments  or  photos. 

For  now,  the  tool  is  intended  to  be  used  in  Java  2  Platform 
Enterprise  Edition  and  messaging  environments,  and  to  aug¬ 
ment  commercial  systems’  management  tools. 

A  free  version  of  the  product,  called  the  Splunk  Server,  can 
be  downloaded  from  www.splunk.com  and  used  to  index 
up  to  500MB  per  day.  Splunk  Professional  —  which  can  be 
scheduled  to  run  at  set  intervals, supports  multiple  user 
accounts  and  includes  other  features  —  starts  at  about 
$2,500  for  an  annual  license. 


—  John  Dix 
Editor  in  chief 
jdix@nivw.com 
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Great  Firewall  of  China 

Regarding  Linda  Musthaler’s  column  “The  Great 
Firewall  of  China”  (www.nwdocfinder.com/2622):  1 
agree  that  the  U.S.  government  should  leave  the 
technology  providers  out  of  this  debate.  Com¬ 
panies  doing  business  in  foreign  countries  have  an 
obligation  to  abide  by  local  laws,  whether  they  like 
these  laws  or  not.  What  would  happen  if  govern¬ 
ments  that  don’t  support  American  policies  legis¬ 
lated  laws  forbidding  their  national  companies  to 
comply  with  American  laws?  Musthaler  also  is  cor¬ 
rect  that  any  knee-jerk  reaction  is  unlikely  to  have 
an  effect  except  for  the  loss  of  business  to 
American  companies. 

Given  all  the  issues  at  Guantanamo  and  the  pro¬ 
gram  of  domestic  surveillance,  maybe  the  U.S.  gov¬ 
ernment  is  not  in  a  position  to  lecture  other  coun¬ 
tries  on  human  rights  and  would  do  much  better  by 
cleaning  up  its  own  backyard. 

1  also  agree  with  Google’s  argument  that  even  a 
censored  version  of  its  search  engine  gives  Chinese 
people  access  to  information  that  they  wouldn’t 
have  otherwise,  and  this  will  promote  democracy 
and  human  rights  in  the  long  term. 

Remi  Gagnon 
Managing  director 
Telesafe  Asia 
Bangkok, Thailand 

Linda  Musthaler  states  that  companies  such  as 
Google,  Microsoft  and  Yahoo  would  lose  if  the  U.S. 
government  restricted  them  from  offering  their  ser¬ 
vices  in  places  such  as  China  because  of  ideological 
differences.  While  it  would  not  make  economic 
sense  to  totally  restrict  U.S.-based  companies  from 
doing  business  with  countries  whose  ideologies  dif¬ 
fer  from  ours,  it  would  be  foolhardy  to  completely 
reject  the  notion  that  the  U.S.  government  needs  to 


put  in  place  some  restrictions  on  conducting  busi¬ 
ness  with  these  countries. 

U.S.-based  companies  (and  some  politicians,  for 
that  matter)  can  dress  China  up  all  they  want.  But 
China  still  remains  an  active  and  hostile  communist 
regime  bent  on  the  destruction  of  capitalism  and  its 
adherents,  such  as  the  United  States.  This  makes  it 
greatly  disturbing  to  see  how  desperate  U.S.-based 
companies  are  to  conduct  business  with  China  and 
places  with  similar  or  worse  ideologies. 

If  U.S.-based  companies  think  they  are  caught 
between  a  rock  and  a  hard  place  now  in  their  busi¬ 
ness  dealings  with  China  because  of  ideological 
differences,  just  wait  until  China  someday  decides 
to  cross  the  Taiwan  straits  militarily  and  drags  the 
United  States  into  armed  conflict.  To  have  to 
choose  sides  under  this  type  of  a  scenario  would 
not  be  pretty 

Is  this  the  price  the  U.S.  government  and  U.S.-based 
businesses  are  willing  to  pay  just  to  continue  making 
additional  dollars?  Despite  popular  opinion,  there 
are  still  some  things  in  this  world  that  are  more 
important  than  money  —  such  as  integrity  and  trust. 
Unfortunately  there  seems  to  be  very  little,  if  any,  of 
these  things  left  in  either  sector. 

Andrew  Lorenz  Jr. 
Milwaukee 

Don't  forget  Milwaukee 

Your  article,  “San  Francisco  heads  to  city  Wi-Fi” 
(www.nwdocfinder.com/2623)  neglects  to  mention 
Milwaukee  as  a  city  that  is  getting  wired.Why  are  we 
always  treated  as  if  we  were  a  suburb  of  Chicago? 

Albert  Krahn 
Milwaukee 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix.  editor  in 
chief,  Network  World,  II 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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SOX  WATCH 
Michael  Kamens 


SOX  education:  How  to  enter  the  field 


Judging  from  the  numerous  responses  to  my 
column  “Tips  toward  surviving  a  SOX  audit” 
(www.nwdocfinder.com/2624)  readers  have 
three  main  questions  related  to  the  Sarbanes- 
Oxley  Act: 

•  How  does  one  get  into  the  IT  auditing  field? 
•  Is  there  still  a  SOX  market  for  independent 
security  auditors? 

•  What  about  risk  analysis? 

Companies  are  in  the  process  of  restructuring 
how  they  will  satisfy  external  auditors’  require¬ 
ments.  In  the  beginning,  companies  simply  fol¬ 
lowed  everything  their  external  auditors 
demanded  for  fear  of  not  being  SOX-compliant. 
When  the  bills  started  coming  in,  firms  began 
taking  steps  to  halt  the  revenue  bleeding. 
Shellshocked  from  paying  millions  of  dollars  to 
external  auditors  and  internal  contract  SOX 
auditors,  many  companies  are  hiring  their  own 
SOX-trained  IT  auditors  to  supplement  their 
internal  staffs,  which  focus  on  financial  controls. 

There  are  several  steps  interested  parties  can 
take  to  get  into  the  IT  auditing  field.  Education, 
certifications  and  field  experience  are  critical. 
Become  a  member  of  the  Information  Systems 
Audit  and  Control  Association  (www.isaca.org) 


and  purchase  training  materials  for  the  Certified 
Information  Systems  Auditor  and  Certified 
Information  Security  Manager  certifications.The 
tests  are  given  twice  a  year  —  June  and 
December  —  and  you  will  need  to  set  aside  time 
to  prepare  for  them.The  tests  cost  $495  each  and 
require  a  75%  score  to  pass.  Once  you  are  certi¬ 
fied, there  are  two  ways  to  enter  the  field:  work  as 
a  contractor  for  experience  or  work  for  compa- 


Education,  certifications 
and  field  experience  are 
critical  to  entering  [the  IT 
auditing]  field. 


nies  willing  to  train  you.  Remember,  the  more 
experience  you  can  couple  with  your  certifica¬ 
tions,  the  more  valuable  you  will  be  to  potential 
employers. 

Is  there  still  a  market  for  independent  security 
auditors?  Absolutely,  but  you  must  offer  more  ser¬ 
vices,  such  as  writing  policies,  procedures  and 
guidelines;  risk  analysis;  and  remediation.  Some 
companies  hire  minimally  experienced  auditors 


to  save  money  Hiring  by  cost  is  really  a  roll  of  the 
dice,  as  many  independent  security  auditors  can 
talk  the  talk  but  cannot  walk  the  walk.  How  iron¬ 
ic  that  just  two  years  ago  only  the  best  and  most 
expensive  were  in  demand. 

Risk  analysis  is  becoming  important  in  an 
effort  to  mitigate  the  potential  for  damage 
caused  by  poor  controls.  This  appears  to  be  a 
field  many  large,  independent  CPA  firms,  with 
their  own  loyal  client  bases,  are  moving  into. The 
public  wants  assurance  from  the  companies 
they  deal  with  that  their  personal  data  will  not 
be  compromised. Companies  of  all  sizes  need  in- 
house  staffs  or  consultants  to  ensure  they  don’t 
end  up  in  the  news  because  of  data  tampering 
leading  to  ID  theft. 

If  you’re  interested  in  getting  into  the  IT  audit¬ 
ing  field,  now’s  the  time. The  demand  for  highly 
trained  and  specialized  individuals  is  high  — 
companies  cannot  afford  the  appearance  of  not 
safeguarding  their  customers’  personal  data. 

Kamens  has  a  law  degree  and  is  a  certified 
information  security  manager  and  independent 
IT  security  and  SOX  auditor.  He  can  be  reached  at 
mike@kamens.  org. 


QN  SECURITY 
Winn  Schwartau 


Would  you  hire  Dubai  to  run  your  network? 


The  issue  was  not  political, at  least  not  in  my 
mind.  It  was  all  about  security  In  the  nation¬ 
al  hoopla  over  whether  a  foreign  govern¬ 
ment  or  those  under  its  control  should  run  oper¬ 
ations  at  major  U.S. ports,  I  heard  lots  of  misplaced 
xenophobia.  I  wanted  to  understand  the  security 
implications  as  they  might  apply  to  networks  in  a 
similar  situation,  and  that  took  me  back  to  1999. 

At  a  classified  counterterrorism  briefing,  speak¬ 
ing  to  a  room  full  of  Pentagon  brass,  I  opened 
with, “Generals,  you  have  lost  command  authority 
of  your  armies.”  I  described  the  implications  of  the 
military  using  foreign  nationals  to  operate  unclas¬ 
sified  aspects  of  their  global  networks.  The  idea 
had  been  that  using  local  individuals  in  overseas 
bases  was  good  politics,  and  because  the  net¬ 
works  and  information  were  all  unclassified, 
what’s  the  harm? 

The  first  harm  is  that  unclassified  networks  that 
supply  meals  and  travel  orders,  for  example,  sup¬ 
port  military  readiness.That  is  why  U-boats  target¬ 
ed  the  shipping  lanes  during  the  Battle  of  the 
Atlantic.  A  severe  compromise  of  a  portion  of  our 
unclassified  networks  could  be  just  as  devastating 
as  a  breach  of  classified  security  The  Pentagon  got 
the  message  and  the  policy  was  changed  quickly 
The  second  harm  is  that  if  you  take  a  bunch  of 
unclassified  data  and  piece  it  together  in  the 
right  way,  like  a  jigsaw  puzzle,  the  resulting  infor¬ 
mation  could  be  immensely  valuable  to  a  poten¬ 
tial  adversary.  This  is  why  so  many  organizations 
are  sensitive  to  dumpster  diving  and  other  tech¬ 
niques  that  can  divulge  seemingly  innocuous 
information  to  the  public  domain.  Most  of  us  try 


to  protect  company  phone  books,  employee  ros¬ 
ters  and  so  on. 

The  question  is, how  much  of  your  infrastructure 
operations  and  security-relevant  processes  do 
you  want  to  outsource?  While  thinking  about  the 
United  Arab  Emirates/Dubai  national  security 
parallel  and  the  natural  follow-up  —  “Is  our  net¬ 
work  protection  any  less  important?”  —  these 
questions  come  to  mind: 

•  Do  you  want  to  outsource  any  of  your  critical 
IT  operations?  If  so,  how  do  you  make  the  distinc¬ 
tion  between  mission-critical  and  non-critical 
day-to-day  operations? 

Statistics  show  70%  to 
80%  of  cybercrime  involves 
a  trusted  insider. 

•  If  you  outsource,  how  quickly  can  you  bring 
full  operations  back  to  an  internal  function? 

•  How  much  of  your  security  do  you  want  to 
outsource?  For  example,  is  perimeter  access-con¬ 
trol  administration  better  done  internally  or  hand¬ 
ed  over  to  outsiders?  How  many  layers  of  security 
administration  do  you  have  and  do  you  want,  and 
where  are  they  located  physically? 

•  How  much  of  your  physical  access  control, 
administration  of  badges  and  ID  tokens,  and  bor¬ 
der  security  of  your  facilities  do  you  feel  comfort¬ 
able  outsourcing? 

•  If  you  choose  to  outsource,  how  do  you  find 
a  partner  you  can  trust?  How  do  you  know  it  is 


reputable?  Does  its  nationality,  political  stance 
or  religious  affiliation  make  a  difference?  Does 
the  physical  location  of  the  IT  resources  matter 
to  you? 

•  If  you  choose  to  outsource,  how  can  you 
oversee  the  quality  and  trustworthiness  of 
those  hired  to  manage  your  security-relevant 
assets?  A  background  check  can  determine 
only  if  someone  has  already  been  caught.  If  you 
outsource  to  a  non-U.S.  company  does  that 
make  employee  oversight  more  difficult? 

Statistics  show  70%  to  80%  of  cybercrime 
involves  a  trusted  insider.  We  know  many  of  our 
controls  do  not  address  insider  issues  ade¬ 
quately,  for  reasons  ranging  from  cost  to  expe¬ 
ditiousness  to  political  correctness.  This  makes 
the  question  of  handing  over  control  of  aspects 
of  our  networks  to  third  parties  even  more 
important,  as  our  day-to-day  tasks  will  be 
removed  at  least  two  to  three  steps  from  out¬ 
sourced  workers. 

In  the  debate  about  the  ports  issue,  not 
enough  people  reduced  the  question  to  its 
basics:  How  does  this  or  any  other  action  affect 
national  or  network  security?  Let’s  look  at  the 
details  of  what  outsourcing  really  means.  Let’s 
manage  our  organizations  with  security,  not 
irrational  fear,  as  the  prime  motivation  behind 
our  questions  and  answers. 

Schwartau  is  a  security  writer,  lecturer  and  presi¬ 
dent  of  Interpact,  a  security  awareness  consulting 
firm.  He  can  be  reached  at  winn@thesecu 
rityawarenesscompany.  com. 


BY  MICHELLE  HOPE 


The  Depository  Trust  and  Clearing  Corp. 

isn’t  taking  any  chances  when  protecting 
its  network  from  application-layer  attacks. The 
company’s  450  software  developers  use  an 
automated  scanning  tool  to  make  sure  thak-«®8 
security  holes  are  plugged  during  the  software 
development  life  cycle,  not  after  an  application 
has  been  deployed. 

Baking  security  into  the  software  development 
process  isn’t  necessarily  easy  Experts  say  using 
assessment  and  scanning  tools  slows  down  devel¬ 
opment,  thereby  increasing  the  cost  of  bringing 
new  applications  into  production.  Also,  not  all 

developers  react  positively  to  the  changes. 

■ 1 1  ■  1  ■  11  '  ■ 

Analysts  say  the  benefits  of  writing  secure  code 
in  the  first  place  —  rather  than  conducting  vul¬ 
nerability  scans  after  the  software  has  been 
deployed  and  having  to  patch  holes  —  far  out¬ 
weighs  the  extra  effort  required. 


When  developers  take  time  out  to  walk 
through  code  line  by  line,  it  becomes  a 
very  labor-intensive  and  costly  effort. 
Using  scanning  technology,  the  vulnera- 


bility  scans  are  now  done  automatically. 

i  >  i  I  James  Routh 

CISO,  Depository  Trust  aod  Clearing  Corp. 
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Before  James  Routh,  chief  information 
security  officer  at  DTCC,  which  handles 
more  than  $1  quadrillion  in  securities 
transactions  annually,  integrated  Secure 
Software’s  CodeAssure  static  code  scan¬ 
ner  into  the  software  development 
process,  several  of  the  company’s  top 
developers  were  invited  to  a  four-week 
security  training  boot  camp. 

After  the  first  week,  one  developer 
went  back  to  a  fairly  recent  applica¬ 
tion-development  project  he’d  worked 
on  and  turned  CodeAssure  loose.  He 
was  surprised  when  it  turned  up  signif¬ 
icant  gaps  and  vulnerabilities  that  nei¬ 
ther  he  nor  anyone  else  had  spotted. 

“When  developers  take  time  out  to 
walk  through  code  line  by  line,  it 
becomes  a  very  labor-intensive  and 
costly  effort.  Using  scanning  technolo¬ 
gy,  the  vulnerability  scans  are  now 
done  automatically’  Routh  says.  He 
adds  that  tools  like  CodeAssure  are 
important  because  over  time  they  help 
developers  become  better  at  writing 
secure  code.“Our  experience  with 
CodeAssure  has  taught  us  that  the  bet¬ 
ter  the  contextual  help  is  at  explaining 
the  vulnerability,  the  more  valuable  it 
becomes  as  an  education  tool  that 
developers  will  understand  and  incor¬ 
porate  going  forward,”  he  says. 

According  to  Gartner  analyst  Neil 
MacDonald,  a  variety  of  application 
software  scanning  and  assessment 
tools  now  exist  to  help  make  appli¬ 
cations  more  secure. These  include 
both  static  and  dynamic  tools  (see 
“Application-level  security  toolkit,” 
page  50). Typically,  these  tools  ana¬ 
lyze  the  state  of  uncompiled  code  or 
a  compiled  application  and  produce 
detailed  reports  that  identify  the 


types  of  security  threats  found  in  the 
application,  while  advising  about 
ways  to  prevent  or  correct  the  threat. 

Where  these  tools  are  applied  in 
the  average  development  life  cycle 
varies.  Some  methods  and  tools  are 
applied  in  the  early  requirements 
and  design  phase,  and  others  are  tar¬ 
geted  at  development,  quality  assur¬ 
ance  or  production. 

Early  bird  catches  the  worm 

Both  MacDonald  and  Forrester  ana¬ 
lyst  Michael  Gavin  are  quick  to  point 
out  that  the  earlier  such  methods  are 
introduced  in  the  development 
process,  the  better. 

“It’s  never  too  early  to  begin  thinking 
about  security  and  addressing  security’ 
Gavin  says.“lt’s  much  more  cost-effective 
to  fix  issues  early  on  in  the  process.You 
have  more  choices  with  how  you  fix  the 
problem,  including  more  design  choices 
and  more  flexibility’ 

Both  analysts  cite  a  2002  study  from 
the  National  Institute  of  Science  and 
Technology  that  proves  identifying  and 
fixing  bugs  early  in  the  development 
cycle  yields  greater  financial  rewards 
than  fixes  after  deployment.  At  the 
same  time,  however,  both  acknowledge 
it’s  tough  to  apply  such  security  prac¬ 
tices  early  in  development. 

Applying  application  security  tools 
and  activities  to  the  development 
effort  may  also  be  expensive.“If  you 
adopt  more-secure  coding  practices 
directly  in  the  code  cycle,  it’s  going  to 
add  about  one-third  more  time  to  the 
process,”  MacDonald  says.  He  attributes 
much  of  this  extra  time  to  educating 
and  retraining  developers  on  how  to 
recognize  and  prevent  security  vulner¬ 


abilities,  such  as  buffer  overflows,  cross¬ 
site  scripting  or  SQL  injection. 

Given  the  complexity,  education  and 
process  change  involved  in  adding 
security  functions  early  in  the 
process,  MacDonald  sees  most 
dynamic,  black-box  scanning 
tools  gaining  initial  traction  with 
security  professionals,  internal  audi¬ 
tors  and  compliance  professionals. 
These  people  typically  employ  such 
tools  to  conduct  security  evaluations 
for  applications  about  to  be  released 
or  already  in  deployment. 

Assessment  tools  are  also  used 
increasingly  to  help  sign  off  on  the 
security  of  application  code  written 
by  off-shore  or  outsourced  develop¬ 
ers  and  legacy  code  in  operation. 
“Writing  secure  applications  is  great 
for  new  applications  going  out  the 
door,  but  doesn’t  address  the  thou¬ 
sands  of  applications  you  may 
already  have  out  there,”  MacDonald 
says.“So  even  though  it’s  not  opti¬ 
mal,  a  lot  of  these  tools  today  are 
being  used  postdeployment.” 

Financial  Engines  gears  up 

One  company  that  has  found  it  use¬ 
ful  to  apply  static  code-scanning 
tools  to  applications  about  to  be 
released  is  Financial  Engines,  an 
investment  portfolio  management 
and  advisory  firm  that  develops 
applications  for  its  Web-facing  online 
adviser  service  and  a  separate  man¬ 
aged  accounts  service. 

Faced  with  strict  compliance  regula¬ 
tions  and  a  burgeoning  team  of  pri¬ 
marily  Java  developers  comprising 
40%  of  the  more  than  200-person 

See  Code  warriors,  page  50 


Seven  best  practices  for  achieving  application  security 


Most  software  vendors  that 
offer  application  security 
assessment  tools  are  the  first  to 
admit  their  tools  should  be 
viewed  as  just  one  component  in 
an  organization’s  multifaceted 
approach  to  application  security. 
Vendors  such  as  SPI  Dynamics, 
Secure  Software  and  Ounce 
Labs  offer  training,  guidance 
and  best  practices  on  this  topic, 
including  recommended  applica¬ 
tion  security  frameworks  and 
methodologies  in  which  their 
tools  play  a  part. 

Comprehensive,  Lightweight 
Application  Security  Process 
(CLASP)  is  one  methodology 


endorsed  by  Secure  Software  for 
building  security  concerns  into  the 
early  stages  of  the  software 
development  life  cycle.  It  includes 
seven  fundamental  best  practices: 

1.  Institute  awareness  programs. 

Educate  the  organization  on  what  is 
important  and  why,  and  who  is 
accountable. 

2.  Establish  an  assessment  strategy. 

Determine  what  the  inspection 
process  will  be  and  how  the  results 
will  be  analyzed. 

3.  Establish  security  requirements. 

Ensure  that  security  requirements  have 
the  same  level  of  “citizenship”  as  all 
other  must-haves. 


4.  Define  and  monitor  metrics. 

If  development  is  not  measurable, 
progress  is  impossible  to  determine. 

5.  Implement  secure  development 
practices.  Make  these  part  of  the 
culture:  defined  security  activities, 
artifacts,  guidelines  and  continuous 
reinforcement. 

6.  Build  vulnerability  remediation 
processes.  If  it’s  bad  and  you  find  it, 
you  must  be  able  to  assess  and  con¬ 
tain  the  exploitation  potential  and 
collapse  the  problem. 

7.  Publish  operational  guidelines. 

These  include  the  safe-handling  proce¬ 
dures  for  the  security  of  an  operational 
system.  If  you  find  something  and  the 


The  proliferation  of  firewalls, 
VPNs  and  intrusion-detection 
systems  attest  to  the  growing 
security  focus  on  the  network 
perimeter.  As  the  most  glaring 
security  holes  are  plugged  at 
the  network  layer,  however,  a 
new  breed  of  profit-driven 
hackers  has  targeted  richer 
hunting  ground:  the  applica¬ 
tion  layer. 

Most  companies  use  a  vari¬ 
ety  of  commercial  and  cus¬ 
tom-developed  appljcatic  s 
for  Web-driven  and  cus¬ 
tomer-facing  activities,  as 
well  as  key  company  func¬ 
tions.  In  many  cases,  the  core 
data  repositories  for  these 
applications  are  ripe  with 
highly  regulated  personal  and 
financial  information  of  great 
interest  to  potential  hackers. 

How  likely  is  it  that  an  aver¬ 
age  organization’s  £  (plica¬ 
tions  could  be  attacked?  It's 
likely  enough  for  information 
security  organizations  such 
as  the  Web  Application 
Security  Consortium  to  main¬ 
tain  a  running  tally  of  the  lat¬ 
est  application  hacks  perpe¬ 
trated  on  companies.  Many 
organizations  may  not  yet 
have  felt  an  attack  first-hand, 
but  research  from  Gartner 
also  Indicates  it's  only  a  mat¬ 
ter  of  time. 

A  recent  Gartner  research 
report  on  application  security 
estimated  that  80%  of  compa¬ 
nies  will  suffer  an  application 
security  incident  by  2009. This 
growing  threat  —  along  with 
compliance  drivers  like  those 
from  the  credit  card  industry's 
PCI  standards  —  have 
caused  a  growing  number  of 
organizations  to  look  at  how 
best  to  integrate  application 
security  methods  and  tools 
into  their  own  software  devel¬ 
opment  life  cycles. 


system  can't  be  fixed  immediately,  tell 
the  team  what  the  options  are. 

For  more  information  on  CLASP,  see 
www.securesoftware.com/prooess 
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Code  warriors 

continued  from  page  48 

company,  Financial  Engines  recently 
began  using  Fortify  s  Source  Code 
Analysis  Suite  for  static  code  analysis 
and  audits  of  major  software  releases 
before  rollout. 

“We  have  a  software  architect  who  is 
the  champion  of  this  particular  tool,” 
says  Matthew  Todd,  the  company’s  chief 
information  security  officer  and  vice 
president  of  risk  and  technical  opera- 
tions.“He  performs  the  audits  of  the 
code.  If  he  finds  issues,  he’ll  generate  a 
report  based  on  Fortify  s  compilation 
routine  or  scan.  He  then  takes  those  to 
developers,  who  must  come  up  with  a 
plan  for  how  to  fix  it.  He’ll  also  get  a 
report  from  the  development  team  on 
those  issues  prior  to  shipping  any  code.” 


nww.com 

A  practitioner's  guide  to 
secure  software 

We  talk  to  Gary  McGraw  about  his 
new  book,  "Software  Security: 

Building  Security  In”. 

www.nwdocfinder.coni/2625 


The  process  ends  with  Todd  or  a 
member  of  his  staff  certifying  that 
code  has  been  reviewed  for  security 
vulnerability  before  their  signoff. 

Moving  security  assessment  scan¬ 
ning  in-house  was  a  change  from  pre¬ 
vious  years,  when  the  company 
brought  in  experienced  auditors  who 
would  attempt  to  find  vulnerabilities 
by  performing  penetration  tests  and 
code  reviews. 

Although  initially  skeptical  about  how 
well  application  security  assessment 
tools  could  take  over  some  of  these 
tasks, Todd  was  soon  won  over  after  see¬ 
ing  the  tools  work  in  his  own  shop. 

“Once  we  could  demonstrate  that 
this  type  of  tool  offered  us  some  tech¬ 
nical  controls  to  ensure  our  security 
practices  are  being  maintained,  and 
that  what  we  intended  to  do  is  actual¬ 
ly  being  done,  it  become  a  no-brainer 
to  justify”  he  says. 

Response  from  developers  has  been 
predominantly  positive,  he  says. 
“Initially, you’ll  find  it  might  be  more 
work  for  individual  coders  because  a 
routine  they  were  assigned  to  do 
came  back  flagged.  But  at  the  same 
time,  they  are  learning  how  to  do  it 
better  next  time." 

A  learning  experience  for  developers 

A  frequent  refrain  from  customers  is 
the  learning  benefits  of  such  assessment 
tools.  Allen  Brokken.a  systems  security 


analyst  principal  at  the  University  of 
Missouri, spends  a  lot  of  his  time  audit¬ 
ing  applications  for  Payment  Card 
Industry  (PCI)  compliance.  His  auditing 
expertise  relates  directly  to  industry  reg¬ 
ulations  that  spell  out  the  need  to 
obtain  evidence  of  secure  coding. 

Brokken’s  central  IT  group  maintains  a 
central  processing  system  that  handles 
the  majority  of  credit  card  payments 
on  campus,  but  each  department, 
school  and  college  can  also  produce 
its  own  Web  e-commerce  front-end 
application;  it’s  critical  to  review  such 
applications  before  their  release. 

Brokken  uses  Weblnspect  from  SPI 
Dynamics  to  track  and  report  on  any 
vulnerabilities  in  Web  applications. 

That’s  a  good  thing,  because  only  one 
application  has  ever  come  out  of  a  first¬ 
time  scan  without  a  cross-site  scripting 
vulnerability“We  used  to  be  able  to  find 
code  problems  by  hand.  But  the  way  we 
were  doing  it,  we  couldn’t  really  help 
the  developers  solve  the  problem,”  he 
says.“Now,with  Weblnspect  we  have  a 
tool  that  generates  a  report  saying,  ’This 
is  broken,  and  here’s  how  you  fix  it.’” 

Any  extra  work  involved  for  develop¬ 
ers  depends  on  how  experienced  they 
are,  as  well  as  how  often  they’ve 
already  been  audited  by  Brokken  and 
his  team.“If  I’ve  done  two  or  three 
audits  for  a  person,  it  comes  back 
clean  every  time,”  he  says.’As  a  security 
person, your  job  is  often  to  tell  people 
‘no’. With  the  SPI  tool,  it  becomes  basi¬ 
cally  a  learning  exercise.  It’s  far  more 
powerful  to  educate  the  developer  as 
to  what  the  problems  are  than  to  just 
point  them  out.Time  and  again,  the 
developer  comes  back  saying, ‘I 
learned  something  from  this.’” 

The  time  savings  involved  with 
Weblnspect  was  also  an  easy  sell.  After 
tracking  the  two  days  it  took  him  to  audit 
one  piece  of  code  by  hand  and  write  the 
subsequent  report,  Brokken  was  pretty 
impressed  when  Weblnspect  did  the 
same  thing,  and  more,  in  just  15  minutes. 
“The  SPI  report  actually  gave  me  much 
more  information  when  I  was  done, 
including  all  the  developer  information 
on  how  to  fix  the  problem,”  he  says. 

Although  Brokken  would  like  to  see 
such  tools  applied  earlier  in  the  devel¬ 
opment  cycle,  he  recognizes  the  quick¬ 
est  way  for  most  organizations  to  imple¬ 
ment  these  tools  is  still  with  the  security 
team.“We  do  this  all  day  long.  By  imple¬ 
menting  this  tool,  we  just  saved  our¬ 
selves  extra  time,  and  didn’t  have  to 
change  our  process  much.  Plus  it  helps 
developers  become  comfortable  with 
the  idea  of  application  security’  he  says. 

Hope  is  a  freelance  writer  who  covers  IT 
issues  surrounding  enterprise  storage,  net¬ 
working  and  security.  She  can  be  reached  at 
mhope@thestoragewriter.com. 


Application-level  security  toolkit 

Application  security  experts  are  quick  to  note  the  different 
types  of  tools  available. 


Static  source-code  analysis  tools.  (Also  known  as  white-box  tools.) 

•  How  they  work:  These  tools  work  like  compilers  and  are 
part  of  a  programmer’s  integrated  development 
environment  (IDE). They  analyze  the  code  and  identify 
the  common  security  vulnerabilities  they  find.  Most 
also  provide  a  knowledge  base  that  educates 
developers  about  the  vulnerabilities  and  how  best  to 
correct  them. 

•  Where  they  are  USedfThese  tools  are  applied  by  individual 
developers  to  static  source  code  snippets  and  subroutines 
before  the  code  is  compiled. They  can  be  used  in  the  early 
stages  of  development,  but  many  organizations  begin  by 
using  them  for  final  quality-assurance  or  security  audits 
before  the  code’s  release  to  production. 

•  Vendors:  Coverity,  Fortify,  Klocwork,  Ounce  Labs,  Secure 
Software  and  various  open  source  software  projects. 


II 


Web  application-layer  firewalls. 

How  they  WOrk:These  firewalls  look  at  application  sessions  and 
block  potentially  malicious  traffic.They  may  serve  as  a  secure 
gateway  for  different  session  types,  such  as  an  XML-secure 
gateway  for  XML  traffic. 

Where  they  are  used:  In  post-production  environments,  where 
applications  are  already  deployed. 

Vendors:  Breach  Security,  Citrix  (recently  acquiredTeros),  Deny 
All,  F5  Networks,  Imperva,  NetContinuum. 


Automated  penetration-testing  tools. 

•  How  they  W0rk:These  tools  work  like  vulnerability  scanning 
tools,  but  do  more  in-depth  testing  to  help  eliminate  false 
positives  and  better  demonstrate  how  a  potential  vulnerability 
could  be  exploited  in  real-world  settings. 

•  Where  they  are  used:  At  the  end  of  the  development  cycle. 

•  Vendors:  Core  Security,  Immunity  Security,  MetaSploit  open 
source  project. 


Application  vulnerability  scanning  tools.  ( Also  known  as  dynamic 
or  black-box  tools.) 

How  they  W0rk:These  tools  can  simulate  a  hacker’s  potential 
attacks.They  require  the  application  to  be  already  compiled 
and  running.  Vulnerability  reports  are  then  produced,  with  the 
most  glaring  ones  flagged  for  developers.  Many  focus  on 
identifying  vulnerabilities  in  Web  applications,  but  may  also 
produce  reports  on  the  degree  of  a  code's  compliance  to  key 
regulations. 

Whore  they  are  used:  Part  of  the  pre-deployment  or  assessment 
audit  performed  by  a  security  team  just  before  an 
application  is  released  into  production. 

Vendors:  Cenzic,  NetIQ.  NT  Objectives,  Protegrity,  SPI 
Dynamics,  Watchf  ire.  Open  source  tools  include  Nikto  and 
the  OWASP  WebScarab  project. 

SOURCES:  FORRESTER  RESEARCH, WATCHFIRE 
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E-MAIL  NEWSLETTER  SHOWCASE:  Branch  office  best  practices 

Multiplying  branch  offices  into 
some  really  small  sites 


BY  ROBIN  GAREISS 

Branch  offices  are  an  extension  of  headquarters,  but 
moving  forward, we  expect  to  see  a  type  of  remote  location 
emerging  as  an  extension  of,  well,  the  branch  office. 

We’ve  seen  this  happen  to  some  extent  with  telecom¬ 
muters,  who  in  many  companies  are  affiliated  with  a  par¬ 
ticular  branch  office,  rather  than  directly  with  headquar¬ 
ters.  But  now,  organizations  are  doing  more  with  the  ATM 
(that’s  automated  teller  machine,  not  asynchronous  trans¬ 
fer  mode)  model,  using  collaborative  technologies. 

For  any  type  of  business  that  requires  a  high  frequency  of 
personalized  customer  interaction,  kiosks  loaded  with  col¬ 
laborative  voice/data/video/imaging  tools  can  fill  this 
need.  In  doing  so,  it’s  less  expensive  to  reach  customers 
than  opening  fully  staffed  branch  offices,  in  terms  of  real 
estate,  personnel  and  IT  infrastructure. 

One  recent  example  of  this  is  Vantis  Credit  Union,  a 
Canadian  company  serving  22,000  members  through  eight 
branch  offices.  Expanding  to  serve  more  members  —  and 
to  increase  business  —  requires  an  expanded  presence. 
But  rather  than  opening  more  branch  offices,  the  company 
is  rolling  out  Nortel’s  MCS5100  real-time  communications 
dashboards  on  video  kiosks  wherever  it  needs  a  “physical” 
presence. 

If  members  need  to  visit  a  customer-services  representa¬ 
tive,  they  can  go  to  the  video  kiosk  (perhaps  one  located 
near  the  cafeteria  in  corporate  headquarters),  talk  to  a 
person  who  is  physically  located  in  a  nearby  branch 
office,  handling  both  walk-in  traffic  at  that  branch,  calls  to 
the  branch  and  video  kiosk  inquiries.  From  that  screen, 
the  rep  can  display  images, say, of  a  loan  application, push 


a  loan  application  to  the  printer  of  the  kiosk, answer  ques¬ 
tions  —  all  while  giving  the  member  a  more  personal 
experience  than  a  data-only  kiosk. 

The  possibilities  of  these  types  of  kiosks  are  broad. 
Retailers  can  push  videos  of  products,  demonstrating 
how  to  repair  or  install  them,  or  display  ideas  of  how  to 
best  wear  an  apparel  item.  Insurance  agents  can  do 
interactive  demonstrations  of  plan  options;  real-estate 
brokers  can  walk  buyers  through  distant  homes,  hotels 
can  share  a  pool  of  concierges,  who  use  the  video  kiosk 
to  display  restaurants  or  theater  recommendations,  for 
example. 

Ultimately,  these  offerings  will  be  on  individual  con¬ 
sumers'  PCs  —  and  some  are  already 

But  until  then,  video  kiosks  can  offer  certain  types  of 
companies  a  way  to  expand  their  presence  without  open¬ 
ing  a  brick-and-mortar  office  and  instead  renting  space 
from  an  appropriate  partner. 

From  an  IT  perspective,  the  kiosk  would  require  a  tele¬ 
com  link  and  perhaps  some  optimization  software,  along 
with  the  real-time  communications  dashboard.lt  would  be 
further  leveraging  the  infrastructure  already  in  place  at  the 
branch  offices,  telecommuters’ home  or  even  headquarters 
or  contact  centers.  IT  staffs  aren’t  as  strained,  customers  are 
served  in  a  new,  innovative  and  more  personal  way  and 
costs  are  reduced. Sounds  like  a  winning  technology  appli¬ 
cation  to  me. 

Gareiss  is  executive  vice  president  and  senior  founding 
partner  for  Nemertes  Research.  She  can  be  reached  at 
robin@nemertes.  com. 
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Podzinger  indexes  and  finds 
podcast  content 


BY  MARK  GIBBS 

With  podcasts  exploding  as  a  major  media  format,  it  is 
hard  to  find  good  podcast  content  let  alone  the  specific 
content  you  are  interested  in. 

Now  there  are  a  number  of  sites  that  index  podcasts  but 
although  they  provide  a  subject  index  there  hasn’t  been, 
until  recently,  a  way  to  “dig”  deeper  for  specific  words  and 
phrases  used. 

A  service  that  I  predict  will  definitely  change  everything 
is  Podzinger,  which  processes  the  actual  audio  data  with 
a  speech  recognition  engine  from  BBN 
Technologies.The  result  is  a  searchable 
index  of  all  identifiable  text  in  any  sub¬ 
mitted  podcast. 

Pbdzinger  is  just  getting  started  but 
even  so,  its  home  page  currently 
claims  a  total  of  almost  82,000 
indexed  podcasts. 

You  can  submit  your  own  podcasts 
through  Podzinger's  submission  sys¬ 


tem.  Your  podcasts  will  be  analyzed,  Podzinger  claims, 
within  eight  hours  of  submission.  Once  indexed  Pod¬ 
zinger  will  send  you  an  e-mail  with  a  block  of  HTML  that 
you  can  put  on  your  Web  site  so  that  your  visitors  can 
search  your  content. 

And  what  about  the  podcast  content  that  you  want  to 
find?  Search  on  the  Podzinger  site  and  with  the  results  will 
come  a  link  that  creates  an  RSS  feed  that  you  can  reference 
at  any  time  through  your  newsfeed  reader  to  get  an  update. 

This  is  an  outstanding  service  that  has  huge  potential. 

If  you  are  a  consumer,  this  could  well  be 
a  gold  mine.  If  you  are  a  podcast  pro¬ 
vider,  this  will  make  it  easier  for  your 
own  podcasts  to  be  easily  found  by  your 
audience. 

Gibbs  is  a  regular  columnist  for  Network 
World  with  his  Gearhead  and  BackSpin 
weekly  columns.  He  can  be  reached  at 
backspin@gibbs.com. 
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Vendor  Solutions  for  Your  IT  Challenges 

COMPANY:  Zultys Technologies 

DETAILS:  68  year  old  lumber  business  discovers 
that  a  modern  VoIP  phone  system  solves  a  host  of 
problems  and  saves  them  money  in  the  process. 

CHALLENGE:  Established  in  1938,  Pacific  Lum¬ 
ber  has  300  employees  and  8  locations  servicing 
home  builders  throughout  Oregon  and  Washington. 
However,  as  the  business  grew,  the  costs  to  expand 
and  maintain  their  legacy  phone  systems  exploded. 
Alan  Churchill,  Director  of  MIS,  knew  that  VoIP  could 
provide  savings  in  administrative  costs  and  allow 
them  to  connect  all  sites.  "We  needed  a  system  that 
was  cost-effective  and  easy  to  manage." 

SOLUTION:  Alan  evaluated  offerings  from  Avaya, 
Cisco,  Alcatel,  and  Zultys  Technologies.  Alan's  objec¬ 
tive  was  to  find  a  system  that  was  low  cost  and  simple 
to  administer  and  use.  But  the  Zultys  solution  seemed 
too  good  to  be  true.  "Because  it  was  half  the  cost  of 
the  others,  we  almost  didn't  pursue  Zultys," admitted 
Alan.  "But  when  we  tested  it,  we  discovered  it  com¬ 
pletely  outshone  the  others.  It  really  did  work!'' 

Pacific  Lumber  installed  an  MX250  IP  PBX  along  with 
ZIP  4x4  IP  business  phones — all  from  Zultys.  The 
implementation  took  only  two  days,  impressing 
Alan  immensely.  "Our  old  phone  systems  required  a 
'truck  roll'for  every  single  issue.  And  this  one  simply 
plugged  into  our  existing  WAN  without  extensive 
changes  to  our  infrastructure.  We  especially  liked  the 
way  we  could  administer  the  entire  system  remotely." 

With  the  Zultys  system,  all  users  now  have  Presence, 
Instant  Messaging,  Conferencing,  point-and-click 
dialing,  and  call  handling  rules  that  can  automatically 
route  calls  to  alternate  operators.  "Customers  can 
reach  us  at  all  times,  regardless  of  our  location,"  said 
Alan.  "It  proved  to  be  exactly  what  we  were  promised: 
a  system  that  was  simple  to  implement,  easy  to  use, 
worked  with  our  existing  infrastructure,  and  cost  less 
than  we  expected." 


408-328-0450 
www.zultys.com 


Leas  Vegas  April  30-May  5|2006 


jC**'  Data  Center  Summit 

Featuring  NetworkWorld 
contributors  Joh 


nson 

and  Andreas  Antonopoulos. 

Register  Today. 


www.interop.com 


LEAR  CHOICE  if 


New  version  of  Windows  NAS 
makes  the  grade 
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WINDOWS  2003  STORAGE  SERVER  R2 

Microsoft 

NetResults  4.13 


HP  (starts  at  $2,500),  Dell  (starts  at  $2,500). 

Pros:  Very  efficient  NAS,  easy  drop-and-add 
features,  very  good  feature  set  to  match 
Windows  networks. 

Cons:  Needs  administrative  tuning  features;  not 
really  non-Windows  client-friendly. 


BY  TOM  HENDERSON  AND  LASZLO  SZENES,  NETWORK  WORLD  LAB  ALLIANCE 

In  our  Clear  Choice  Test  of  Microsoft’s  latest  version  of  its  file-pinching  net¬ 
work-attached  storage  software  —  dubbed  Windows  Storage  Server  R2  — 
we  found  it  to  be  fast,  difficult  to  misconfigure,  highly  efficient  and  a  use¬ 
ful  storage  operating  system  for  both  local  drop-and-add  NAS  boxes  and 
branch  office  storage  devices. 


Overall,  we  found  this  version  of  Storage  Server  contains 
several  features  especially  suited  to  branch  operations, 
including  sparse  file  management,  reduction  of  redundant 
files  and  an  extremely  proficient  backup  mechanism. 

Windows  2003  Storage  Server  R2, released  last  month, can¬ 
not  be  purchased  directly  by  consumers,  but  is  sold  as  part 


How  we  did  it 


We  tested  Microsoft’s  Windows  2003  Storage 
Server  R2  software  on  two  OEM  platforms: 
Dell’s  FbwerEdge  830  and  HP’s  DL100.  Our 
test  network  included  a  Windows  2003  Enterprise 
Server  R2  running  on  an  HP  DL140  machine  in  a 
switched  Gigabit  Ethernet  environment.  Clients 
included  an  HP  ZV5000  notebook  (running 
Windows  XP  SP2/64-bit  Edition),  a  Toshiba  ML135 
notebook  (running  XP  SP2/32-bit  Edition),  a  white 
box  computer  (MSI  motherboard  running  XP 
SP2/32-bit  Edition), a  Mac  FbwerBook  (OS/X  10.4.4) 
and  several  Linux  clients. 

Both  OEM  systems  were  received  ready  to  con¬ 
nect  to  our  Active  Directory-based  network  and 
were  easily  joined  to  it.  We  configured  both  servers 
for  Distributed  File  System  (DFS)  namespace  repli¬ 
cation  support  and  tested  them  using  our  Active 
Directory  server  as  the  failover  storage  point. 

DFS  replication  was  checked  using  directory  ser¬ 
vices  reporting,  as  well  as  data  from  an  instance  of 
Ethereal  and  a  Fluke  OptiView  II  to  watch  transmis¬ 
sion  and  payload  sizes  during  delta  file  copying 
and  replication. 

We  also  configured  the  single-instance  storage  on 
the  Dell  box  and  moved  numerous  directories  from 
around  the  lab  to  the  server  to  judge  how  efficient 
sparse  file  handling  was. 

We  also  tested  file  screening  using  varying  file 
types  and  indexed  file  searches.  We  clocked 
searches  locally  through  a  directory  tree,  then 
through  a  directory  tree  on  local  media,  and  noted 
the  differences. 


of  an  OEM  NAS  appliance.  We  tested  OEM  samples  of  this 
code  from  HP  and  Dell.The  software  is  sold  to  OEMs  in  four 
iterations:  Express, Workgroup,  Standard  and  Enterprise. 

The  Dell  product  tested  was  a  large  desktop  server  unit; 
the  HP  NAS  box  came  in  a  1U  rack  server.The  Dell  unit  ran 
Windows  Storage  Server  R2  Standard  Edition,  which  sup¬ 
ports  all  features;  the  HP  box  supported  Wordgroup 
Edition  of  the  Microsoft  software. The  Workgroup  edition 
can  report  itself  as  an  Enterprise  Edition,  so  check  which 
version  you’re  getting,  or  you’re  in  for  surprises. 

This  software  uses  two  main  methods  to  achieve  far  high¬ 
er  efficiency  in  storing  and  transmitting  file  information: 
Single  Instance  Storage  (SIS),  which  reduces  identical  in¬ 
stances  of  files  to  a  single  file  with  appropriate  stubs  or 
place  holders  for  other  copies;  and  its  function  that  records 
delta-only  file  changes.  We  tested  these  functions  discretely 
and  in  combination  with  another  feature  of  the  software  — 
enhanced  Distributed  File  System  (DFS)  —  for  failover  and 
availability 

The  SIS  service,  which  is  not  supported  in  either  the  Ex¬ 
press  or  Workgroup  versions,  reduces  file  duplication 
across  multiple  machines.  It  runs  in  the  NAS  server  and 
monitors  files  being  written  to  the  server.  Once  the  first 
instance  of  a  file  is  stored  on  a  Windows-based  NAS  appli¬ 
ance,  subsequent  identical  files  aren’t  stored  there;  file 
stubs  pointing  to  the  initial  copy  of  the  file  are  stored  in 
their  place. This  yields  a  great  savings  in  server  space. 

For  organizations  that  use  the  Windows-based  NAS  box 
to  store  many  unique  personal  documents,  the  savings 
will  be  small.  However,  organizations  that  launch  a  static 
fleet  of  applications  from  network  resources  will  see  a 
comparatively  dramatic  reduction  in  the  overall  displace¬ 
ment  of  these  kinds  of  files,  in  our  testing  more  than  a  90% 
space  savings. 

Microsoft’s  existing  DFS  creates  a  replication  scheme 
where  a  namespace  (also  known  as  alias  name)  represents 
shared  folders  (or  shares)  that  are  replicas  of  the  files  rep¬ 
resented  by  the  shares.  If  a  file  changes  on  one  host,  it  is 
replicated  according  to  administrator-defined  rules  to 
other  hosts  sharing  the  same  namespace,  thus  synchroniz¬ 
ing  them.  If  a  large  file  is  modified,  that  file  typically  is  repli¬ 
cated  in  its  entirety  to  the  synchronized  host. 

Windows  Storage  Server  R2  has  new  DFS  functionality 


The  Breakdown 

Installation/integration  25% 

4* 

Management/administration  25% 

4 

Performance  25% 

4.5 

Security  25% 

4 

Total  score 

4.13 

Scoring  Key: 

5:  Exceptional. 

4:  Very  good. 

3:  Average. 

2:  Below  average. 

1:  Subpar  or  not  available. 

*  Integration  is  handled  primarily  by  the  hardware  OEM  partner. 


that  makes  this  process  easier  to  manage  in  branch-office 
deployments,  because  it  can  replicate  and  synchronize 
files  between  the  storage  server  and  another  Windows- 
based  NAS  box  or  Windows  2003  server  anywhere  on  the 
network.  Rather  than  the  entire  file,  however,  only  the  delta 
(with  a  few  bytes  for  overhead)  of  a  file  change  is  sent 
across  the  wire.  Compression  then  reduces  the  communi¬ 
cation  time  between  the  changed  host  and  its  replica. 

We  unplugged  the  DFS  running  on  the  local  Windows 
Storage  Server  R2  appliance  to  see  how  long  it  would  take 
the  namespace  files  to  be  delivered  from  its  replica,  and 
found  some  initial  weakness.  The  failover  from  the 
Windows  NAS  box  to  the  primary  test  server  took  as  long  as 
29  seconds.  This  seemingly  intolerable  time  lag  is  a  func¬ 
tion  of  the  timeouts  given  to  TCP/IP  when  used  with  the 
small-to-midsize  business  protocols.  An  obscure  registry 
change  (we  needed  to  contact  Microsoft  for  this)  shrank 
this  default  time  to  a  more  tolerable  range  of  4  to  9  sec¬ 
onds.  Tweaking  this  setting  for  others  will  depend  on  over¬ 
all  network  WAN  response  times.  Macs,  Linux  and  other 
non-Windows  clients  cannot  take  advantage  of  this  DFS 
failover  feature  yet. 

Windows  Storage  Server  R2  contains  Version  3  (the  latest) 
of  the  Microsoft  Management  Console,  which  has  a  snap-in 
called  File  Screening;  this  allows  administrators  to  prevent 
files  of  a  certain  name  to  be  put  onto  the  Windows-based 
storage  server,  thereby  preventing  undesirable  applications 
(think  Limewire,  MusicMatch  files,  with  extensions  used  by 
viruses  and  Trojans)  from  infecting  the  server.  It’s  not  a  per¬ 
fect  system,  because  astute  users  can  rename  files,  but  it’s 
one  more  security  hurdle  mal-intentioned  individuals  must 
overcome,  and  helps  enforce  preventive  organizational 
security  policy 

Overall,  Windows  Storage  Server  R2  adds  quite  a  bit  of 
value  for  Windows  networks  compared  with  more  generic 
NAS  devices.  It  has  a  few  rough  edges  —  in  terms  of  failover 
response  times  and  configuration  issues  —  but  overall,  the 
added  value  of  failover,  reduced  copying  times, and  config¬ 
uration  options  makes  it  viable  alternative  to  other  NAS 
appliances. 

Henderson  is  principal  researcher  and  managing  director 
of  ExtremeLabs.  He  can  be  reached  at  thenderson@extreme 
labs.com.  Szenes  is  a  researcher  at  ExtremeLabs. 
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IS  NOW  IN  YOUR  HANDS 


SECURITY  In  today’s  corporate  environment,  it’s  not  an  option.  DesktopStandard’s  Group  Policy  extensions 
take  you  beyond  built-in  Windows  security  management,  giving  you  the  power  to  limit  rights  and  privileges  to 
the  least  required  for  authorized  tasks.  Reduce  the  complexity  of  managing  your  distributed  desktop  environ¬ 
ment  while  increasing  security  and  compliance.  Find  out  how  at  www.desktopstandard.com. 
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manage  with  standards. 


AN  EDITORIAL  SUPPLEMENT  TO 


In  this  issue,  the  second  edition 
in  our  six-part  series,  we  inves¬ 
tigate  next-generation  security 
and  more. 

Settling  the  identity 
foundation  with  New 
Data  Center  security  proj¬ 
ects. 

Protecting  data  from 
cradle  to  grave  using 
data  life-cyle  protection 
tools  and  techniques. 

Automated  security,  a 
roundtable:  IT  executives 
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Inside  this  issue: 


Piecing  together  the  next- 
generation  IT  architecture 


In  this,  the  second  edition  of  our  six-part  New  Data 
Center  series,  we  spotlight  security  trends,  showcase 
change-management  automation,  and  peek  at  the 
future  of  grid  computing.  We  begin  with  a  look  at 
identity  management  (at  right). 
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Data  life-cycle  protection  is  becoming  as  impor¬ 
tant  for  the  New  Data  Center  as  network  securi¬ 
ty,  but  challenges  abound. 


SECURITY  Four  IT  executives  speak 
frankly  about  automating  security. 
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www.nww.com.  DocFinder:  2225. 


Looking  ahead: 


SPOTLIGHT  ON: 

BEST  PRACTICES 


SPOTLIGHT  ON: 

SECURITY 


SPOTLIGHT  ON: 

STORAGE 


WBBKm  SPOTLIGHT  ON: 

6/H6  MANAGEMENT 


■HHH  SPOTLIGHT  ON: 

1  VIRTUALIZATION 


SPOTLIGHT  ON: 

MOBILITY 


Editor:  Beth  Schultz 

Executive  editor:  Julie  Bert 

Designer:  Brian  Gaidry 

Online  graphic  designer:  Eric  Anderson 

Copy  editor:  Ryan  Francis 

Online  copy  editor:  Bob  Sprague 

Network  World  editorial  director:  John  Gallant 

Network  World  editor  in  chief:  John  Dix 

Cover  illustration:  Celia  Johnson 


Spotlight:  on  security 

Setting  the  identity 


With  the  technology  rapidly  maturing,  identity  man¬ 
agement  will  soon  underpin  all  security  in  the  NDC. 


BY  JOHN  FONTANA 


CELIA  JOHNSON 


For  John  Jackson,  director  of  software  technology  for  General  Motors, 
the  question  isn’t  whether  to  build  an  infrastructure  for  digital  identi¬ 
ty,  but  how  to  ensure  that  he  has  a  firm  foundation  from  which  to 
start.  As  2006  unfolds,  many  of  Jacksons  peers  find  themselves  in  a 
similar  position.  Across  corporate  America,  identity  management  is  running  up  the 


IT  priority  chart  and  into  the  New  Data  Center  (NDC)  security  infrastructure. 

Jackson  can’t  afford  to  make  mistakes  —  nor  can  anyone  else.  Security,  privacy  and  federal  compliance  issues 
are  among  the  critical  initiatives  Detroit-based  GM  and  others  will  tack  on  the  back  of  identity  management  tools 
such  as  strong  authentication, single  sign-on  (SSO),  provisioning,  password  management,  federation, auditing  and 
tracking,  in  November  2005,  Ponemon  Institute^  research  firm  focused  on  information  and  privacy  management, 
found  the  financial  impact  of  data  breaches  ranged  from  nearly  $500,000  to  as  high  as  $52  million  for  14  compa¬ 
nies  studied. 
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“Ten  years  ago,  the  prevailing  assumption  was  that  if 
you  were  on  the  GM  network,  then  you  were  a  GM 
employee,”  says  Jackson,  who  is  on  the  board  of  the 
Liberty  Alliance,  a  consortium  developing  protocols  for 
sharing  identities.“Today,we  have  dealers  and  suppliers 
[on  the  network]  that  are  not  a  part  of  GM.Add  the  fact 
that  we  are  completely  outsourced  and  it  becomes  crit¬ 
ical  to  track  who  you  are  and  what  rights  you  have  so 
we  can  make  sure  that  people  only  get  to  the  informa¬ 
tion  they  are  allowed  to  get  to.  Identity  is  the  foundation 
for  everything  we  do.” 

So  important  is  this  that  GM  has  a  12-person  identity 
group  within  the  security  team. The  group  continues  to 
consolidate  internal  directories  while  expanding  its 
identity  federation  deployment  and  building  out  virtu¬ 
al  directories  and  SSO  capabilities. 

Users  and  analysts  agree  that  identity  is  seeping  into 
corporate  infrastructure. 

“In  five  years,  what  we  talk  about  today  as  identity  and 
access  management  will  just  be  another  part  of  the 
infrastructure  and  it  won’t  be  sold  separately.  It  will  be 
part  of  your  security  foundation,”  says  Sally  Hudson,  a 
security  research  manager  at  IDC. 

Prequel 

Last  year’s  rush  of  consolidation  punctuates  this 
heady  proposition.  Vendors  such  as  BMC  Software,  CA, 
HR  Microsoft  and  Oracle  snapped  up  technology  to  fill 
blossoming  identity  suites  (see  chart,  page  36).  This 
year,  those  vendors  along  with  IBM,  Novell,  RSA  Security 
and  Sun  will  begin  a  multiyear  task  of  building  identity 
platforms  designed  to  help  reduce  IT  costs  and  deploy¬ 
ment  chores. 

Meanwhile,  vendors  such  as  ASG  Software  Solutions, 
Entrust,  Evidian,  PingID,  Quest  Software,  Red  Hat, 
Siemens  and  others  will  hone  their  identity  tools. 

The  work  is  happening  against  a  backdrop  of  an 
industrywide  discussion  to  define  the  characteristics  of 
identity,  ignited  by  Seven  Laws  of  Identity  published  last 
May  by  Microsoft  identity  architect  Kim  Cameron.  This 
year,  users  say,  they  will  try  to  figure  out  how  to  incor¬ 
porate  those  laws,  which  focus  on  users  having  control 
over  their  identity  data. 

Other  burning  developments  include  uptake  in  strong 
authentication,  further  consolidation  of  federation  pro¬ 
tocols,  as  well  as  developing  auditing  and  tracking  con¬ 
trols  and  user  self-service  to  ease  identity  administra¬ 
tion.  “There  is  a  fascinating  shift  underway  that  has  us 
moving  from  the  management  of  identity  to  manage¬ 
ment  by  identity” says  Sara  Gates,  vice  president  of  iden¬ 
tity  management  for  Sun. 

Getting  started 

Today,  many  users  are  in  the  early  stages  of  projects 
targeted  at  specific  needs  with  occasional  glances  at 
the  future. 

Hudson  Advisors,  a  Dallas-based,  multibillion-dollar 
private  commercial  mortgage  service  provider  and  real 
estate  asset  management  firm,  is  on  the  second  stage  of 
a  phased  rollout  of  identity  technology. The  project  start¬ 
ed  last  year  with  RSAs  Sign  On  Manager  to  provide  SSO 
to  internal  and  Web-based  sites.  This  fall,  Hudson  plans 


to  complete  a  deployment  of  strong  authentication 
based  on  RSA  SecurlD  that  will  secure  administrator 
access  to  its  network,  financial  systems  and  Microsoft 
Outlook  Web  Access.  Other  2006  projects  include  phas¬ 
ing  in  access  control,  encryption  and  self-service  pass¬ 
word  reset  while  exploring  identity  federation. 

“We  manage  a  lot  of  financial  holdings  over  the  Web; 
the  Web  provides  the  communication  between  our 
offices  that  transact  billions  of  dollars  in  business.  If  we 
can  do  that  in  a  way  that  is  more  secure,  if  we  can  miti¬ 
gate  risk,  it  becomes  a  key  piece  against  our  competi- 


systems  security  manager  for  the  five-hospital  network. 
Last  year,  32,000  account  requests  were  processed  on  a 
system  anchored  by  Microsoft’s  Identity  Integration 
Server. 

The  savings  are  not  hard  dollars  but  the  ability  to  re¬ 
assign  staff,  McClain  says.  His  goals  in  2006  are  to  extend 
provisioning  to  clinical  systems,  and  use  identity  to  sup¬ 
port  third-party  network  access. 

“Identity  management  vendors  have  grandiose  plans 
for  their  products,  but  for  us  the  focus  is  on  account 
provisioning,”  he  says. 


Identity  is  the 
foundation  for 
everything  we  do. 

John  Jackson, 

Director  of  software  technology, 
General  Motors 


tors,”  says  Mark  Lynd.vice  president  and  global  CTO  at 
Hudson.  In  addition,  he  is  targeting  cost  savings.  His  SSO 
project  saved  $4  for  every  dollar  spent  on  deployment, 
although  he  would  not  reveal  total  costs. 

At  Bechtel,  a  San  Francisco-based  multinational  engi¬ 
neering  and  construction  company  with  40,000 
employees,  identity’s  future  is  fused  to  an  overall  plan 
for  policy-based  security  modeled  on  the  Enterprise 
Security  Architecture  drafted  in  2004  by  the  user-group 
Network  Applications  Consortium  (NAC).“I  would  like  a 
policy  that  says  only  financial  people  can  get  to  finan¬ 
cial  data,”  says  Fred  Wettling,  technology  strategy  man¬ 
ager  for  Bechtel  and  NAC  chairman.  “The  implication 
there  is  that  I  know  who  the  financial  people  are.” 

For  years,  Bechtel  has  been  cleaning  up  its  user/iden¬ 
tity  data  and  is  extending  its  homegrown  SSO  capabili¬ 
ties  to  external  partners. 

In  December  2005,  the  company  won  a  contract  to 
help  run  Los  Alamos  National  Laboratory  and  plans  to 
secure  the  relationship  using  identity  as  an  underpin¬ 
ning. 

Wettling  also  is  looking  long  range  with  identity  as  the 
foundation  for  such  business  processes  as  issuing 
employee  badges  and  managing  digital  rights. 

Wettling  and  others  maintain  that  while  identity  has 
its  concrete  concepts,  its  definition  is  unique  to  each 
adopter. 

For  Community  Health  Network,  a  $1.3  billion  health¬ 
care  company  in  Indianapolis  with  approximately 
10,000  employees,  identity  is  defined  by  provisioning 
employee  accounts  and  system  access  as  part  of  the 
Health  Insurance  Portability  and  Accountability  Act. 

“We  wanted  to  get  a  better  grasp  on  access  control 
and  authorization  and  ensure  people  have  access  to 
the  systems  they  need,”  says  Dave  McClain,  information 


Developing  the  tools 

Indeed,  vendors  are  frenzied.  Last 
year’s  flurry  of  acquisitions  ended 
a  three-year  consolidation  cycle 
and  now  comes  the  multiyear,  mul¬ 
tistage  task  of  melding  all  the  parts 
into  a  back-end  identity  infrastruc¬ 
ture. 

On  the  front  end,  Microsoft’s 
InfoCard,  which  will  let  users  con¬ 
trol  their  identity  information,  may 
be  the  most  watched  development. 
InfoCard,  slated  to  ship  with  the 
Vista  client  operating  system  at 
year-end,  could  become  a  model 
for  client-side  access  to  identity.  In  addition,  the  Higgins 
Project,  unveiled  in  February,  also  could  foster  user-cen¬ 
tric  identity  tools,  as  well  as  easier  ways  to  integrate 
identity  systems  across  platforms. 

“We  think  what  we  are  doing  with  InfoCard  will  start 
to  provide  alternatives  where  users  can  move  away 
from  user  names  and  passwords  for  Web  services-based 
applications,”  says  Michael  Stephenson,  group  product 
manager  for  Windows  Server  at  Microsoft. 

These  infrastructure  efforts  will  morph  into  networked 
identity  services  with  identity  eventually  becoming 
inherent  in  platform  technology  beginning  around 
2015,  according  to  research  firm  Burton  Group. 

“Enterprises  will  have  to  roll  with  the  punches  and 
take  the  suites  and  deploy  them  for  what  they  need 
now,”  says  Mike  Neuenschwander,  Vice  president  and 
research  director  for  Burton  Group.  “In  the  context  of 
those  projects,  users  will  learn  a  lot.  When  they  circle 
back  around  to  update  their  architectures  to  support  a 
wider  range  of  applications  they  will  want  to  do  it  in  a 
services  model  because  their  developers  will  want  that.” 

He  advises  users  to  build  a  services  veneer  today  so 
interfaces  do  not  have  to  change. 

As  an  example,  Nokia  is  integrating  the  Liberty 
Alliance’s  Identity  Web  Services  Framework  specifica¬ 
tion  into  the  protocol  stack  on  its  Series  60  phones,  pro¬ 
viding  access  to  identity  services.“In  the  mobile  space, 
it  is  hard  to  figure  out  a  service  that  does  not  relate  to 
the  subscriber’s  identity”  says  Timo  Skytta,  director  of 
Web  services  for  Nokia. 

Hot  in  2006 

Password  alternatives  are  expected  to  spring  up  this 
year.  Strong  authentication,  something  a  user  knows 

See  Identity,  page  60 
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continued  from  page  58 

(such  as  a  PIN)  and  something  they  have  (such  as  a 
smart  card),  has  been  gaining  momentum  especially 
after  the  Federal  Financial  Institutions  Examination 
Council  in  October  2005  issued  guidelines  calling  for 
Internet  banking  to  adopt  two-factor  authentication  by 


January  2007. 

In  November,  the  Liberty  Alliance  formed  the  Strong 
Authentication  Expert  Group  to  develop  the  Identity 
Strong  Authentication  Framework. The  open  framework 
will  allow  interoperability  among  tokens,  smart  cards 
and  biometrics.“We  could  shoot  ourselves  in  the  foot  if 
we  don’t  focus  on  interoperability  and  strong  authenti- 


T he  merging  of  identity  management  wares 

Major  vendors  want  to  offer  their  customers  comprehensive  identity  management  suites. To  that 
end  they  have  been  rapidly  buying  technology  through  acquisitions.  Now  they  face  the  hard  part 
--  integrating  all  that  newly  purchased  technology  into  cohesive  products.  Here's  a  look  at  the 
acquistions  the  big  players  have  made  and  the  integration  challenge  that  lies  ahead. 


Vendor 

Acquisition 

Executive  insight 

BMC  Software 

Calendra  (2005):  Provisioning. 
Open  Networks  (2005):  Web 
access  management. 

“1  think  the  next  phase  of  this  is  strong 
authentication.” 

—  Somesh  Singh,  VP,  identity  management 

CA 

Netegrity  (2004):  Web  access 
management. 

InfoSec  (2005):Provisioning. 

“These  identity  platforms  are  the  founda¬ 
tion  for  the  next  generation  of  enterprise 
applications.” 

—  Bill  Bartow,  seniorVP  of  identity  and 
access  management 

HP 

SelectAccess  from  Baltimore 
Technologies  (2003):  Web 
access  management. 

TruLogica  (2004): 

Provisioning. 

Trustgenix  (2005):  Federation. 

“Identity  becomes  mission  critical.  If  the 
authentication  service  is  down  . . .  that  can 
translate  into  millions  of  dollars.” 

—  Sai  Allavarpu,  director,  product  man¬ 
agement/marketing 

IBM 

Dascom  (1999):  Web  access 
management. 

Access  360  (2002): 

Provisioning. 

MetaMerge  (2002):  Meta¬ 
directory. 

“We  think  the  ramp  up  this  year  for  federa¬ 
tion  will  be  strong.” 

—  Joe  Anthony,  director,  identity  manage¬ 
ment 

Microsoft 

Zoomit  (1999):  Metadirectory. 
Alacris  (2005):  Certificate 
management. 

“Absolutely,  you  can  argue  that  passwords 
have  outlived  their  usefulness.” 

—  Michael  Stephenson,  group  product 
manager  for  Windows  Server 

Novell 

Novell  has  developed  its 
technology  internally. 

“Identity  management  is  all  about  hiding 
the  complexity.” 

—  JustinTaylor,  chief  strategist 

Oracle 

Oblix/Confluent  (2005):  Web 
access  management.  Phaos 
(2004):  Federation. 

Thor  (2005):  Provisioning. 

Octet  String  (2005):  Virtual 
directory. 

"Nobody  has  defined  a  standard  for  audit, 
but  we  are  working  on  that." 

—  Amit  Jasuja,  VP,  identity  management 
development 

RSA  Security 

RSA  has  mostly  developed 
technology  internally  but 
bought  Web  access  manage¬ 
ment  vendor  Securant  in  2001. 

“Liability  and  trust  have  gotten  in  the  way 
of  realizing  the  true  potential  of  federa¬ 
tion.” 

— Toffer  Winslow,  VP,  product  manage¬ 
ment/marketing 

Sun 

Innosoft  (2000):  Directory 
services. 

Waveset  (2003):  Provisioning. 

“1  think  we  will  see  more  finely  defined 
identity  services  that  applications  can  con¬ 
sume  per  transaction." 

—  Sara  Gates,  VP,  identity  management 

cation,”  says  George  Goodman,  director  of  Intel’s 
Platform  Capabilities  Lab  and  president  of  the  Liberty 
Alliance. 

Strong  authentication  pioneer  RSA  is  working  to  make 
access  to  the  technology  easier  and  more  flexible. 
“Increasingly  what  we  are  getting  into  is  how  can  we 
make  SecurlD  available  as  a  software  token  running  on 
a  BlackBerry,  as  a  toolbar  browser  or  running  on  a  mem¬ 
ory  stick,”  says  Toffer  Winslow,  vice  president  of  product 
management  and  marketing  for  RSA.  In  February,  RSA 
introduced  some  of  those  capabilities. 

Progress  on  consolidating  federation  protocols  also  is 
on  corporate  wish  lists. 

Microsoft  in  January  released  Active  Directory  Fed¬ 
eration  Services,  which  is  based  on  the  WS-Federation 
protocol  that  the  company  promises  eventually  to  turn 
over  to  a  standards  body  The  move  would  come  amid 
growing  momentum  behind  the  Security  Assertion 
Markup  Language  2.0,  which  is  supported  by  Liberty 
and  the  Shibboleth  project,  an  effort  to  create  federa¬ 
tion  standards  for  Internet  2. 

“We  need  to  start  seeing  the  integration  of  all  this 
stuff,”  says  Justin  Taylor,  chief  strategist  for  Novell’s  iden¬ 
tity  management  team.  “We  see  too  many  companies 
trying  to  piecemeal  things  together.  It  is  painful  and 
expensive.” 

Debate  also  is  growing  around  bridging  enterprise 
identity  and  identity  needed  on  the  Internet  to  help 
alleviate  such  problems  as  e-mail  spam,  identity  fraud, 
data  security  and  Web  site  password  bloat.Technologies 
such  as  InfoCard,  Liberty’s  People  Service,  Lightweight 
Identity,  iNames,  OpenID,  Simple  Extensible  Identity 
Protocol  and  URL-based  identifiers  are  candidates  to 
bridge  gaps. 

Where  identity  is  headed 

Users,  vendors  and  analysts  see  identity  becoming  the 
glue  that  binds  security  and  privacy  to  everything  on 
internal  and  external  networks. The  days  of  blocking  at 
the  firewall  will  give  way  to  credentials  presented  by 
users  or  machines  that  are  validated  against  a  set  of 
usage  policies. 

The  prevailing  wisdom  is  that  the  evolution  of  distrib¬ 
uted  computing  hinges  on  identity.  ‘ 

“We  are  networking  everything  into  one  big  distrib¬ 
uted  network  that  includes  back  end,  front  end, 
Internet,  RFID,  wireless  sensors  —  it’s  all  networked,” 
says  Eric  Norlin,  co-founder  of  the  Digital  ID  World 
Conference  now  run  by  Network  World's  parent  com¬ 
pany  IDG.“If  everything  is  a  distributed  network  there  is 
no  hierarchy.  In  a  distributed  network  there  is  only  one 
logical  organizing  paradigm  and  it  is  identity.  It  is  the 
only  way  you  can  maintain  any  control  or  order  over 
anything.”  ■ 
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Go  online  for  a  comprehensive  collection  of  stories  on  the  technologies, 
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Spotlight  on  security 


Data  life-cycle  protection  is  becoming  just  as 
important  in  New  Data  Center  architectures 
as  network  security,  but  challenges  abound. 


When  I  ran  a  distributed 
scan  for  at-risk  personally 
identifiable  information,  I 
was  amazed  at  what  we 
found  in  recycle  bins. 


MARK  RIZZO, 

vice  president  of  operations,  Perpetual  Entertainment 


ERIC  MILLETTE 


BY  DEBORAH  RADCLIFF 


When  attackers  gained  access  to  personal  information  on 

19,000  students  at  Carnegie  Mellon  University  last  April,  busi¬ 
ness  and  network  administrators  there  began  a  systemwide 
review  of  data  policies.  As  a  result,  the  university  drastically 
reduced  its  use  of  Social  Security  numbers  (SSN)  and  implemented  new  security- 
management  controls  around  its  Oracle  databases.  But  when  it  came  to  protecting 
data  extracted  from  a  database,  Joe  Jackson,  system  architect  at  the  Pittsburgh 
school,  was  at  a  loss.  See  Data  life  cycle,  page  64 
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Five  new  reasons  why 
APC  is  preferred  3  to  1*  for 
data  center  protection 


Comprehensive 

monitoring 

Robust  environmental  and  physical 
security  monitoring  protects  NCPI  from 
physical  threats  by  providing  early 
warning  to  identify  and  resolve  events 
before  they  result  in  downtime.  For 
more  info  visit  http://promo.apc.com 
and  enter  the  keycode  highlighted  in 
the  box  below. 


Open,  scalable 
architecture 

Modular,  open  platform  design 
allows  for  easy  integration  of 
additional  NetBotz®  and  3rd  party 
sensors  of  any  kind  (D/C,  4-20mA, 
USB,  IPMI,  SNMP,  ZigBee,  RFID, 
0-5V,  CCTV,  Camera,  Serial,  Other) 
to  accommodate  current  and  future 
needs.  For  more  info  visit  http:// 
promo.apc.com  and  enterthe  keycode 
highlighted  in  the  box  below. 


Configurable  alerts 

User-defined  alerts  are  managed 
according  to  your  thresholds  and 
escalation  policies.  Alerts  are  sent 
directly  from  the  NetBotz  appliance 
&  received  in  multiple  formats  to 
support  on-site  or  remote  notification. 
For  more  info  visit  http://promo. 
apc.com  and  enter  the  keycode 
highlighted  in  the  box  below. 


Centralized 

management 

Central  management  platform  pro¬ 
vides  easy  management  and  control 
of  multiple  monitoring  appliances 
and  offers  aggregated  visibility  into 
data  and  trends  within  your  overall 
physical  environment.  For  more  info 
visit  http://promo.apc.com  and  en¬ 
ter  the  keycode  highlighted  in  the 
box  below. 


Early  detection  & 
warning 

Remote  monitoring  capabilities 
provide  insight  into  physical  conditions 
and  equipment  from  anywhere  on  the 
network.  For  more  info  visit  http:// 
promo.apc.com  and  enter  the  keycode 
highlighted  in  the  box  below. 


If  Legendary  Reliability®  isn't  reason  enough. . . 


How  have  we  gone  from  making  simple  UPS  systems  to 
being  the  world  leader  in  Network  Critical  Physical 
Infrastructure  (NCPI)  solutions?  By  cultivating 
a  fanatical  focus  on  eliminating  downtime 
wherever,  whenever,  and  however  it  occurs. 

Almost  7,000  APC  employees  and  over 
30,000  global  solution  providers  have 
this  focus:  to  deliver  the  benefits  of 
standardization  and  to  eliminate  the 
waste  of  legacy  designs.  This  veritable 
army  of  availability  experts  is  at  your 
disposal,  with  the  sole  mission  of  helping 
to  increase  profits  and  peace  of  mind  wherever 
your  data  is  created,  transmitted,  or  stored. 


You  can  count  our  patents. 

You  can  count  the  $100  million  we  will  invest 
in  R&D  in  the  next  12  months,  providing 
solutions  for  the  problems  of  today  and 
anticipating  those  of  tomorrow. 

You  can  count  our  satisfied  customers. 
Most  importantly,  you  can  count  on 
us.  After  all,  that's  what  Legendary 
Reliability  is  all  about... 


There  are  hundreds  of  reasons  the  Fortune  1000  is  saving  (and  making) 
millions  with  our  standardized  InfraStruXure™  architecture,  and  at  the  rate 
we  are  innovating  there  will  be  hundreds  more  a  year  from  now. 

See  our  latest  launches  at  www.apc.com 
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Data  life  cycle 

continued  from  page  62 

“Controlling  the  utilization  of  unstructured  data  is  incred¬ 
ibly  challenging,  because  once  that  data’s  out  of  the  data¬ 
base,  controls  don’t  work,”  he  says. 

Centralized  database  security  management  and  auditing 
is  a  good  first  step.  But  organizations  should  also  protect 
the  safety  and  integrity  of  data  at  other  points. 

“You’ve  got  to  look  at  the  who,  what,  when,  where  and 
hows  of  data  protection:  Who’s  using  it,  what  they’re  doing 
with  it,  when  and  how  are  they  accessing  it,  how  it’s  being 
used,  when  it  comes  back,  and  how  it’s  securely  stored  and 
archived,”  explains  Gary  Clayton,  CEO  of  Privacy  Compli¬ 
ance  Group,  a  data  privacy  consulting  firm  in  Dallas.  No 
holistic  approach  exists  for  protecting  information  from 
cradle  to  grave  —  that  is,  as  it  traverses  desktops,  the  data¬ 
base,  the  network,  on  to  remote  users  and  business  part¬ 
ners,  then  resting  in  backup  and  storage,  analysts  and  users 
say.  Those  enterprises  tackling  the  problem  of  data  life- 
cycle  protection  are  doing  so  in  ways  as  unique  as  the 
organizations  themselves. 

Examining  data  life-cycle  protections 

One  of  them  is  Houston-based  Halliburton,  which  started 
looking  at  data  life-cycle  protections  in  2003.  In  the  light  of 
publicity  around  data  leakage  at  Microsoft  and  other 
Fortune  500s,  Halliburton  executives  began  asking  how  to 
control  the  organization’s  vast  information  resources.They 
questioned  how  much  information  the  company  had, 
where  it  resided  and  for  what  it  was  being  used. 

They  quickly  realized  the  task’s  complexity“Data  goes  far 
beyond  the  database,  particularly  when  you’re  looking  at 
document  and  content  management.  Not  only  does  it  fall 
under  management  for  internal  users,  but  how  are  you  sep¬ 


arating  controls  for  documents  and  files  accessed  from  the 
Web  or  being  sent  in  e-mail?”  asks  Mark  Johnson,  chief  in¬ 
formation  security  officer  at  Halliburton. 

The  Halliburton  team  has  since  investigated  a  variety  of 
data-protection  tools  for  e-mail, desktops  and  storage.These 
include  Symantec’s  Enterprise  Vault  e-mail  storage  archiv¬ 
ing  software  (available  because  of  the  Veritas  acquisition) 
and  Microsoft’s  Rights  Management  Services,  which  en¬ 
crypts  protected  information  on  the  desktop  in  Office  app¬ 
lications  and  Exchange,  and  on  file  and  print  servers. 

But  Halliburton  decided  not  to  implement  any  of  the 
tools  it  evaluated.  It  found  the  tools  were  not  comprehen¬ 
sive  enough,  required  too  much  intensive  custom  develop¬ 
ment  to  integrate  into  its  enterprise  infrastructure,  and 
called  for  extensive  retraining  and  education  of  employ¬ 
ees,  Johnson  says. 

Instead,  Halliburton  took  the  interim  step  of  commission¬ 
ing  an  outside  firm  to  monitor  the  organizational  networks 
and  identify  what  information  needs  to  be  protected  —  pri¬ 
marily  being  intellectual  property  customer  and  marketing 
information.  Then  they  isolated  those  information  sources 
to  heavily-secured  LAN  segments  where  they  monitor 
what’s  coming  to  into  and  out  of  them  to  determine  anom¬ 
alous  user  behaviors.  In  addition,  they’re  currently  installing 
a  digital  forensics  tool,  EnCase,  to  help  them  search  for  intel¬ 
lectual  property  violations  among  user  computers. 

“It’s  a  shot  in  the  dark,  and  there’s  a  limit  on  things  you 
can  search  without  violating  employee  privacy  But  we’re 
trying  to  be  creative  in  determining  if  something’s  going 
outside  of  the  controlled  workgroups,” says  Erin  Buxton, 
global  IT  strategist  and  architect  at  Halliburton. 

The  where  of  data 

Like  Halliburton,  most  organizations  start  with  data  cen¬ 
tralization,  database  monitoring  and  network  auditing  to 


look  for  potential  use  violations,  says  Chris  Liebert,  senior 
Yankee  Group  analyst. “Data  security  right  now  is  being 
looked  at  from  the  user  perspective  —  Who  has  access  to 
what?  What  equipment  are  they  accessing  the  data  from  — 
and  then  putting  controls  around  that,” she  says.“So  vendors 
are  using  network  technologies  including  behavioral  analy¬ 
sis,  packet  inspection,  traffic-analysis  sensors,  heuristics  and 
correlation  to  watch  for  unauthorized  user  behaviors.” 

The  most  important  benefit  of  network  and  database 
application  monitoring  is  the  understanding  an  enterprise 
gains  about  the  network,  applications  and  the  at-risk  data 
housed  within  them,  consultants  and  users  say 

“Auditing  databases  on  structured  data  isn’t  new,  but  the 
issue  is  when  you  have  such  large  environments,  how  do 
you  reasonably  figure  out  what  auditable  data  you  care 
about  without  the  help  of  correlation,”  Carnegie  Mellon’s 
Jackson  adds. 

With  the  right  network,  application  and  user  information, 
organizations  can  develop  policies  and  procedures  around 
encryption,  access  controls  and  monitoring  rules.Then  they 
use  monitoring  and  correlation  to  look  for  signs  of  user  mis¬ 
behavior  (for  example,  an  attempt  to  download  large  cus¬ 
tomer  files  when  a  computer  has  not  done  that  before). 

Dave  Giambruno,  director  of  engineering  and  security  for 
Pitney  Bowes,  in  Stamford,  Conn., says  he  has  found  the 
Holy  Grail  in  IntuitiveLabs’  OPX  correlation  engine.  OPX 
correlates  —  120  million  times  daily  —  all  reports  coming 
off  network  devices  and  from  security  applications,  includ¬ 
ing  already  correlated  reports  from  Pitney  Bowes’  applica¬ 
tion  vulnerability  assessment  engine,  Application  Security’s 
AppDetective.  “Companies  run  their  security  in  silos,  look¬ 
ing  at  network,  application  and  data  security  as  separate 
geographies.You  need  a  combined  view  of  all  this  network 
data  that’s  driving  your  risk,”  Giambruno  says.  “From  an 

See  Data  life  cycle,  page  68 


How  to  implement  data  life-cycle  protection 


Determine  what  data  needs  life-cycle  protection.  Halliburton,  for 
example,  follows  the  80-15-5  rule  for  e-mail  records  management,  where¬ 
in  only  5%  of  its  data  (human  resources  and  other  retained  records) 
needs  strict  life-cycle  protection,  detailed  classification  and  ownership, 
and  specified  retention  periods;  15%  (workspace  documents)  needs 
some  protection,  high-level  classification  and  general  retention  periods 
to  allow  for  auto-deletion  after  one  to  four  years;  and  the  remaining  80% 


needs  neither  protection  nor  classification,  and  is  auto-deleted  after  i 
short  period,  such  as  90  days.  In  the  future,  Halliburton  plans  to  extend 
this  classification  to  documents  residing  elsewhere  on  the  network. 

Determine  where  that  data  resides:  in  database  applications  and  on 
file  servers,  over  the  network,  on  the  desktop,  in  e-mail  or  in 
storage/backup. 

Set  policy  and  controls  around  only  the  sensitive  data. Those  are: 
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Monitor  user  activity 
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On  the  network 

•  Encrypt 

•  Monitor  outbound  traffic 
for  anomalous  behavior 

•  Inspect  outbound  packets 
for  protected  data  types 


On  the  desktop 

•  Encrypt  stored  data 

•  Control  usage  (such  as 
copy/e-mail/print) 

•  Set  expiration  dates 


!n  e-mail 

•  Encrypt 

•  Control  usage  (such  as 
print/copy/forward) 

•  Set  data-expiration 
interval 


•  Encrypt 

•  Set  retention  time 

•  Map  to  document  type 
and  access  rules 


Application 


Performance 


Application 


Performance 


li  rlh 


YOUR  BRANCH  OFFICES 
ARE  GROUNDED  — AGAIN. 

Eliminate  application  delays  with  the  market  leader. 

With  Packeteer  WAN  optimization  appliances,  your  business-critical  applications  are 
cleared  for  take-off.  They  give  you  monitoring,  control,  acceleration,  and  management 
all  in  one,  convenient  appliance.  What's  more,  you  can  control  recreational  and 
malicious  traffic  to  further  improve  employee  productivity.  The  result?  Faster  access  to 
business-critical  applications  and  happier  branch  office  users. 

To  learn  more,  please  visit  www.packeteer.com/takeoff. 
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Data  life  cycle 

continued  from  page  64 

information  life-cycle  point  of  view, you  get  clarity  and  man¬ 
age  risk  in  the  context  of  all  your  communities  of  interest 
—  the  infrastructure  and  application  teams,  as  well  as  the 
business-unit  owners  themselves,  who  can  then  under¬ 
stand  the  risks  to  their  data  and  set  rules  around  them.” 

The  who  of  data 

OPXs  red, yellow  and  green  rating  system  attesting  to  the 
state  of  protected  applications  is  enough  to  satisfy  regula¬ 
tors,  Giambruno  says.  But  regulators  are  revisiting  guide¬ 
lines  to  look  beyond  who  has  authorized  access  to  data, 
contends  Chris  Sharp,  vice  president  of  security  services  for 
Verizon  Business’  consulting  services.  Soon,  he  says,  regula¬ 
tors  will  need  to  know  all  the  places  where  data  is  stored, 
who’s  interacting  with  the  data  and  the  means  taken  to  pro¬ 
tect  that  data  throughout  its  life  cycle.  Other  consultants 
and  IT  executives  agree. 

“Data  protection  is  more  than  securing  networks  and  de¬ 
vices,”  Clayton  adds.“Data  integrity  and  protecting  data  from 
unauthorized  use  and  destruction  also  is  part  of  the  infor¬ 
mation  protection  life  cycle.” 

This  level  of  data  integrity  and  protection  happens  pri¬ 
marily  at  the  network  layer,  in  two  ways:  by  monitoring  net¬ 
work  traffic  for  behaviors  indicative  of  a  data-policy  breach 
(such  as  large  files  uploaded  to  a  user  computer  late  at 
night),  or  by  inspecting  outbound  packets  for  protected 
data  types  (such  as  SSNs  or  CAD  drawings). 

“Say  all  of  a  sudden,  we’re  seeing  a  user  downloading  10 
megabytes  of  peer-to-peer  files  over  a  two-hour  period.  We 
know  that’s  not  normal,”  says  Herb  Tong,  network  manager 
for  the  city  of  San  Francisco. 

P&cketMotion’s  PacketSentry  real-time  traffic  analysis  tool 
enables  Tong  to  determine  the  file  types  being  transferred 
and  the  IP  addresses  from  which  the  download  requests 
emanated.  Once  Tong  has  this  information,  he  contacts  the 
department  supervisor  regarding  the  situation. 

Instead  of  anomalous  behavior,  Perpetual  Entertainment, a 
computer  gaming  start-up  in  San  Francisco,  relies  on  the 
packet-inspection  method  to  monitor  outbound  transmis¬ 
sions  for  protected  intellectual  property  It  uses  Tablus’  Con¬ 
tent  Alarm  software,  which  looks  for  data  types  specified  as 
protected  and  automatically  can  issue  an  alert,  block  the 
transmission  or  take  other  actions  based  on  policy 

False  positives,  in  which  legitimate  data  is  tagged  and 
blocked  because  data  sequences  might  too  closely  resem¬ 
ble  those  of  a  protected  data  type,  can  be  a  problem  with 
packet-inspection  technologies,  analysts  and  enterprise 
executives  warn.  But  Perpetual  Entertainment  has  had  no 
such  problems  over  the  past  two  years  using  Content  Alarm 
to  scan  outgoing  data  in  packet  streams,  says  Mark  Rizzo, 
vice  president  of  operations  at  the  company. 

The  how  of  data 

Nor  has  Rizzo  had  any  problems  with  Tablus’  Content 
Sentinel,  which  he  uses  to  scan  desktops. 

“When  1  ran  a  distributed  scan  for  at-risk  personally  iden¬ 
tifiable  information,  1  was  amazed  at  what  [Content  Sen¬ 
tinel]  found  in  recycle  bins,”  he  says.“From  that  scan,  1  was 
able  to  alter  policies  on  how  human  resources  stores  and 
transmits  records.” 

Now  Rizzo  wants  to  install  Content  Alarm  DT, Tablus’  desk- 


■“  . 1,1,1 

Google  it 

How  search  helps  out  with 
data  life-cycle  protection. 

New  enterprise  search  engines  should 
make  it  easier  to  locate  and  tag  informa¬ 
tion  sources  requiring  life-cycle  protection. 
These  include  products  such  as  Oracle’s 
Secure  Enterprise  Search  lOg  and  IBM’s 
WebSphere  Information  Integrator,  as  well 
as  third-party  appliances  running  Google 
search  engines. 

“The  power  of  the  search  engine  is  in¬ 
credible,”  says  Marcus  Sachs,  who  directs 
Homeland  Security's  cyber  security  re¬ 
search  out  of  SRI  International.  “If  you’ve 
got  keywords  that  appear  in  documents 
prone  to  information  leakage,  Google  can 
find  these  words  appearing  on  the  desktop 
computers  that  they  shouldn’t  be  appear¬ 
ing  on.  It  also  can  show  me  whether  or  not 
those  keywords  have  passed  through  my 
e-mail  server,”  he  says. 

While  Google  came  under  fire  in  a 
February  Gartner  report  for  Google 
Desktop  3,  which  dished  up  corporate 
search  information  to  Google’s  own 
servers,  Sachs  says  that’s  not  a  concern 
with  third-party  products  using  Google’s 
search  engines  to  locate  sensitive  data. 
Such  products  restrict  this  from  happen¬ 
ing,  as  well  as  provide  many  other  addition¬ 
al  security  and  reporting  features,  he  adds. 

For  example,  Secure  Elements  in  April  will 
release  a  beta  version  of  a  Google  search 
appliance,  C5  Insight,  allowing  enterprise 
managers  to  ask  "what  if”  questions  of 
their  infrastructures  and  system  logs  to 
determine  patch  levels,  application  vulner¬ 
abilities  and  other  network-related  risk  in¬ 
formation.  (Sachs  sits  on  the  advisory 
board  for  Secure  Elements.) 

—  Deborah  Radcliff 


top  data-management  tool,  to  prevent  the  transfer  of  infor¬ 
mation  marked  as  private  to  USB  devices,  CD  burners  and 
print  servers  (so  it  can’t  be  printed  and  carried  out  of  the 
organization)  and  to  prohibit  the  copying  of  such  informa¬ 
tion  into  instant  messages  or  email.  Network-based  tech¬ 
nologies  cannot  protect  against  these  actions.  He’s  waiting 
for  the  software’s  next  release,  which  should  support  his 
implementation  of  Microsoft  Distributed  File  System.  That 
release  is  scheduled  for  this  summer. 

Other  enterprises  are  also  discovering  this  new  breed  of 
product  that  helps  control  how  users  interact  with  data  at 
the  desktop.  For  example,  Employee  Benefit  Management 
Corp.(EBMC),in  Dublin,  Ohio,  uses  Liquid  Machines’ EMail 
Control  to  enforce  encryption,  expiration  and  use  policies 
(such  as  print,  copy,  distribute)  on  e-mail  containing  med¬ 


ical  data  sent  between  EBMC’s  Microsoft  Exchange  server 
and  its  60  employer  partners.  Besides  Email  Control,  EBMC 
uses  outbound  traffic  and  database-monitoring  tools  to 
secure  data,  says  Renee  Haas,  vice  president  of  operations 
at  the  company 

To  protect  regulated  data  for  compliance  initiatives,  med¬ 
ical-related  companies, such  as  EBMC, often  begin  with  the 
e-mail  application  because  that’s  where  most  of  the  con¬ 
trols  need  to  be,  says  Ed  Gaudet,  vice  president  of  product 
management  for  Liquid  Machines.“Equally  important  is  in¬ 
tellectual  property  stored  in  spreadsheets  and  other  Office 
applications,”  he  says.  Liquid  Machines  also  offers  enter¬ 
prise  rights  management  software  for  protecting  data  by 
enforcing  encryption  and  use  policies  in  applications, 
including  Office, Visio  and  CAD. 

Some  start-ups,  such  as  Blue  Jungle,  with  its  Compliant 
Enterprise,  use  agent  technologies  installed  on  endpoints 
to  enforce  information-usage  rules  on  selected  documents 
at  the  desktop,  including  copy/forward/print  and  e-mail, 
according  to  policy  This  enforcement  would  be  especially 
useful  for  putting  controls  around  regulated  financial  data, 
says  Halliburton’s  Johnson,  who  ran  a  proof  of  concept  on 
the  Blue  Jungle  product  last  year.  But  the  system  doesn’t 
scale  to  fit  his  outside  user  population,  particularly  the 
thousands  of  suppliers,  consultants  and  contractors  with 
whom  Halliburton  shares  intellectual  property 

In  some  cases,  data  may  be  too  critical  to  be  allowed  on 
desktop  at  all,  Verizon’s  Sharp  says.  Many  high-end  clients 
allow  only  temporary  sessions  between  the  database  and 
desktop  and  scrub  the  cache  each  time  a  user  session 
times  out,  he  explains. 

The  when  of  data 

The  final  place  data  needs  protecting  is  in  storage  and 
back-up  systems.  This  means  encrypting  sensitive  informa¬ 
tion  in  e-mail  archives  and  in  tape, disk  and  online  back-up 
systems.  And  to  meet  data-retention  regulations,  this  also 
means  storing  the  information  for  a  set  amount  of  time,  put¬ 
ting  controls  around  how  quickly  it  can  be  recovered,  then 
mapping  what  type  of  document,  access  and  retention 
period  is  associated  with  the  data, says  Tom  Dwyer,  a  Yankee 
Group  research  director. 

Look  to  see  this  functionality  coming  out  of  partnerships 
between  suppliers  of  enterprise  content*  management  and 
storage  management,  he  says,  pointing  to  the  partnership 
between  content-management  vendor  Mobius  Manage¬ 
ment  Systems  and  storage-management  vendor  EMC. 
Atempo’s  Live  Backup,  WysDM  Software’s  WysDM  for  Back¬ 
ups  and  others  also  perform  similar  data-protection  func¬ 
tions  in  back-up,  storage  and  archiving  systems. 

Clearly,  information  life-cycle  protection  won’t  be  easy 
There  are  pitfalls  with  false-positives  and  information  over¬ 
load  if  monitoring  and  correlation  technologies  aren’t  im¬ 
plemented  correctly  Encrypting  can  bloat  your  information 
systems  and  burden  your  users.  (Look  to  the  storage-en¬ 
cryption  standard  IEEE  PI 619  to  lighten  the  bloat, at  least  in 
data  storage.)  Only  one  technology  vendor,  Adobe,  tightly 
controls  desktop  files,  but  only  on  its  own  file  types.  Yet, 
early  adopters  say  it’s  time  to  try  to  protect  critical  data 
from  a  life-cycle  standpoint  in  today’s  open  enterprises. 

Radcliff  is  a  freelance  writer  in  California.  She  can  be 
reached  at  deb@radcliff.com. 
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Open  network  access  istaood  for  business. 
Open  network  access  is  bad  for  security. 
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The  Answer:  Proven  security. 


Network  Access  Control 


Vulnerability  Management 


Intrusion  Prevention 


E-Mail  &  Web  Security 


Anti-Spam  &  Anti-Spyware 


Anti-Virus 


Thanks  to  the  growth  of  mobile  devices  and  wireless  access,  your  workforce  and  guests  can  access  your 
network  from  almost  anywhere.  So  what’s  the  smartest  way  to  keep  it  secure?  McAfee11  has  the  answer. 
With  our  network  access  control  solution,  featuring  McAfee  Policy  Enforcer,  your  security  standards  are 
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continuously  enforced — even  when  users  are  on  the  road.  That  means  noncompliant  or  infected  PCs, 
laptops,  and  PDAs  can  be  identified,  quarantined,  and  made  secure  before  they  cause  damage.  Backed 
by  more  than  15  years  of  experience  supporting  and  protecting  our  customers,  McAfees  software, 
hardware,  and  services  are  a  proven  way  to  secure  your  business.  Learn  more  at  wvvw.mcafee.com/access 
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Bernie 


Donnelly 

Vice  president  of 
quality  assurance, 
Philadelphia  Stock 
Exchange 
Favorite  security 
technology:  Consul's 
Consul  Insight  audit  and 
compliance  software 
Worst  security  nightmare: 
USB  flash  drives. 


More  efficiency  vs.  more 
speak  frankly  about  automated  security  in  the 
New  Data  Center. 

BY  SANDY  GITTLEN 


Automating  security  can  lead  to  streamlined,  yet  powerful,  security 

operations.  But  it  also  can  create  a  false  sense  of  security  for  the 
New  Data  Center.  In  this  roundtable,  three  enterprise  security 
leaders  discuss  how  organizations  can  ensure  the  best  results. 


Kim  Jones 

Vice  president  of 
global  security 
services,  eFunds 
Favorite  security 
technology:  Any 
technology  that  does 
the  job  properly  and 
lives  up  to  expectations. 
Worst  security  nightmare 
Technology  that’s 
simply  ‘thrown’  at 
a  problem  in  the 
hopes  of  solving  it. 


Doug  Torre 

IT  director,  Catholic 
Health  System 
Favorite  security 
technology: 

Elemental  Security’s 
Elemental  Compliance 
System.  Worst  security 
nightmare:  When 
individuals  and/or 
organizations 
ignore  nsk(s). 


They  are:  Bernie  Donnelly,  vice  president  of  quality  assurance  at  the  Philadelphia 
Stock  Exchange;  Kim  Jones,  vice  president  of  global  security  services  at  eFunds  in 
Scottsdale,  Ariz.;  and  Doug  Torre,  IT  director  of  Catholic  Health  System  in  Buffalo,  N.Y 


Automation  is  a  basic  tenet  of  the  New  Data 
Center.  So  far,  how  have  you  applied  automa¬ 
tion  to  security  functions? 

Donnelly:  We  have  an  extremely  high  percentage  of  auto¬ 
mation.  I’m  not  sure  how  you  can  run  security  without  a 
high  amount  of  automation  today  With  all  the  firewalls 
and  the  different  tools  you  need  in  place,  it’s  got  to  be 
automated.  It’s  impossible  to  manage  any  of  that  on  a  man¬ 
ual  basis.  But,  one  of  the  downfalls  is  that  you  can  get  so 
automated  that  you  start  taking  your  protections  for 
granted. The  key  is  updating  your  filters  to  make  sure  you 
don’t  get  too  comfortable  with  your  automation. 

Jones:  Given  the  extent  of  the  electronic  funds  trans¬ 
actions  we  handle,  [personal]  data  that  I  secure  and  the 
depth  and  breadth  of  my  network,  there  is  no  way  we 
could  do  our  jobs  without  automation.  But  you  have  to 
set  the  rules,  set  the  filters  correctly. You  can’t  lose  sight 
of  the  fact  that  that  manual  interface  is  still  critical. 

Torre:  It’s  not  like  somebody  could  individually  check 
each  packet  traversing  the  network.  So  you  become 
reliant  upon  certain  controls  —  network  controls,  net¬ 
work  access  controls  —  that  are  fully  automated.  And 
there  have  to  be  really  good  policies  and  assessments 
to  correctly  tune  and  implement  those  controls.  There 
needs  to  be  a  roll-up  of  or  dashboard  to  this  telemetry 
across  the  network  so  that  it  can  be  put  into  a  useful  for¬ 
mat.  A  lot  of  folks  who  tried  to  implement  intrusion 
detection  found  out  early  the  noise-to-signal  [ratio  was 
too  high], and  they  couldn’t  interpret  the  data. 


How  do  the  rest  of  you  do  event  management9 

Donnelly:  For  a  number  of  years,  the  Securities  and  Ex¬ 
change  Commission  [SEC]  has  been  hounding  us  to  per¬ 
form  security  reviews  on  our  logs  within  the  various  sys¬ 
tems.  We  run  a  three-platform  system:  the  IBM  mainframe, 
the  Stratus  [Technologies’]  trading  engine  and  a  Sun 
peripheral  base  going  out  to  the  trading  floors.  We  worked 
with  Consul  on  a  package  that  would  allow  us  to  bring  the 
logs  from  those  three  platforms  into  a  single  server,  and 
aggregate  them  into  a  single  language.That  certainly  helped 
with  manpower.  But  these  paper  logs  each  ran  around  8  feet 
long.  It’s  impossible  not  to  have  that  automated. 

Does  too  much  automation  provide  a  crutch? 

Jones:  Automating  a  bad  or  ineffective  process  just  gives 
you  a  very  fast  and  very  efficient  bad  and  ineffective  pro¬ 
cess.  There  is  a  tendency  particularly  as  security  decisions 
move  back  into  the  boardroom,  to  jump  toward  a  tool  or  a 
black  box  or  an  appliance  that  can  make  this  all  go  away 
If  you  haven’t  taken  those  fundamental  steps  toward  defin¬ 
ing  your  processes  and  controls  and  what  you’re  trying  to 
get  your  hands  around,  then  maybe  even  a  little  bit  of 
automation  may  be  too  much. 

Torre:  [Automation]  doesn’t  replace  a  security  program. 
So  building  up  and  designing  and  architecting  the  appro¬ 
priate  security  levels  for  what  you’re  trying  to  do,  that’s  not 
something  you  automate.  That  takes  critical  thinking  and 
adjusting  to  the  institutional  policies  and  leading  people 
and  relationships  and  businesses  to  get  to  the  desired  level 

See  Roundtable,  page  72 


Chaos,  now  under 
your  control. 


HP  PROLIANT  BL35p  BLADE  SERVER 


with  ProLiant  Essentials  Management  Software 

•  Up  to  2  Dual-Core  AMD  Opteron™  200  Series  processors 

•  High  density:  Up  to  96  servers  per  rack 

•  Flexible/Open:  Integrates  with  existing  infrastructure 

•  HP  Systems  Insight  Manager™:  Web-based  networked 
management  through  a  single  console 


•  Rapid  Deployment  Pack:  For  ease  of  deployment  and 
ongoing  provisioning  and  reprovisioning 

•  Integrated  Cisco  or  Nortel  switch  options 

Save  up  to  $1,200  instantly  on  the  purchase  of  the 
HP  ProLiant  BL35p  Blade  Server.' 


HP  BladeSystem  servers  offer  tools  to  help  you  keep  pace  with  fluctuating  demands.  The  HP 

ProLiant  BL35p  Blade  Server  is  designed  to  relieve  some  of  the  stress.  Its  AMD  Opteron™ 
processors  offer  dual-processor  power  with  breakthrough  efficiency.  With  management 


features  like  the  Rapid  Deployment  Pack  that  lets  you  deploy  and  redeploy  blades  without 
missing  a  beat,  and  a  single-view,  graphical  user  interface  that  streamlines  monitoring 
and  configuration,  HP  BladeSystem  servers  work  with  you  so  you  don't  have  to  work  so 


HP  STORAGEWORKS  MSA1500cs 


with  StorageWorks  Essentials  Management  Software 
■  Up  to  24TB  of  capacity  (96  250GB  SATA  drives) 

•  Up  to  16TB  of  capacity  (56  300GB  SCSI  drives) 

•  Ability  to  mix  SCSI  and  Serial  ATA  enclosures  for 
greater  flexibility 

•  2GB/1GB  Fibre  connections  to  host 

Get  2TB  of  storage  free  ($2,008.80  value)' 


hard.  And,  bundled  with  the  StorageWorks  MSA1500cs,  you  can  reduce  the  cost  and 
complexity  of  deploying  a  storage  area  network  giving  you  a  better  return  on  investment. 

Save  up  to  $1,200  instantly  on  the  purchase  of  the  HP  ProLiant  BL35p  Blade  Server.’ 


SMART  ADVICE  >  SMART  TECHNOLOGY  >  SMART  SERVICES 


AMD 


Opteron 


Call  1-888-223-5441 
Click  hp.com/go/bladesmag49 
Visit  your  local  reseller 


1 .  Save  up  to  $1 ,200  instantly  on  the  purchase  of  the  HP  ProLiant  BL35p  Blade  Server.  Offer  valid  through  4/30/06. 2.  Receive  up  to  2TB  of  storage  free  with  purchase  of  HP  StorageWorks  Modular  Smart  Array  1 500cs  devices.  Offer  valid  through  4/30/06.  All  offers  available 
from  HP  Direct  and  participating  resellers.  Prices  shown  are  HP  Direct  prices,  are  subject  to  change  and  do  not  include  applicable  state  and  local  sales  tax  or  shipping  to  recipient's  destination.  Reseller  prices  may  vary.  See  Web  site  for  full  details.  Photography  may  not 
accurately  represent  exact  configurations  priced.  Associated  values  represent  HP  published  list  price.  AMD,  the  AMD  Arrow  Logo,  AMD  Opteron  and  combinations  thereof  are  trademarks  of  Advanced  Micro  Devices,  Inc.  ©2006  Hewlett-Packard  Development  Company,  L.P. 
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of  security  Once  that  part  is  done,  which  frankly  is  a  difficult 
part  for  a  lot  of  organizations, you  have  to  reach  for  and  use 
every  tool  available  to  implement  those  controls.  Then,  on 
a  periodic  basis,  assess  how  you’re  doing.  None  of  that  gets 
replaced  through  automation.  The  automation  can  only 
support  what’s  been  architected. 

Jones:  When  !  came  here  three  years  ago,  there  was  a 
whole  lot  of  pressure  from  the  board  to  use  technology  to 
make  security-  and  compliance-related  problems  go  away 
quickly  1  said, 'If  we  jump  and  throw  technology  and  auto¬ 
mation  at  a  problem,  we’re  going  to  be  fixing  this  problem 
again  a  year  from  now  and  you  will  probably  be  fixing  it 
with  a  new  CSO  because  you  will  be  annoyed  at  me  be¬ 
cause  it  broke  again.’ 

Torre:  If  you  automate  before  doing  due  diligence,  you 
could  end  up  giving  a  false  sense  of  security  or  a  false 
acceptance  of  risk.  So  there’s  a  danger  there,  too. 

Jones:  You  build  an  effective  security  program,  then  no 
regulation  [will  force]  you  to  change  course. 

How  do  you  know  when  a  security  function  is 
ready  for  automation? 

Jones:  There  is  no  universal  automation-fits-all.  Automa¬ 
tion  is  a  force  multiplier,  allowing  you  to  do  things  more 


effectively  But  you  still  have  to  know  what  it  is  you’re  trying 
to  do  before  you  get  down  and  automate  it. 

Do  you  find  regulatory  bodies  trying  to  govern 
security  automation? 

Donnelly:  Automation  isn’t  on  their  radar.  They  are  con¬ 
cerned  about  yes  or  no  —  do  you  have  this  covered?  And 
how  a  company  covers  that  aspect  of  security  is  pretty 
much  up  to  [its  discretion] .  The  challenge  is  figuring  out 
which  appliances  fit  best  without  introducing  an  additional 
layer  of  challenges.  Nobody  has  that  one  box  that  does  it 
all.  So  when  you  start  building  security  devices  upon  each 
other,  you’ve  got  to  be  careful  that  you  don’t  get  too  cute  in 
your  architecture.  You  don’t  want  to  create  a  situation 
where  you  have  boxes  working  in  conflict  with  each  other 
and  possibly  giving  you  false  positives.  Auditors  will  pick 
that  up. To  them,  that’s  a  problem. 

Torre:  Regulators  first  frowned  at  our  automated  policy 
compliance,  but  finally  understood  the  benefit.  We  bought 
Elemental  Security’s  Elemental  Compliance  System,  which 
correlates  our  policies  to  various  regulatory  controls  like 
ISO  1799.  Initially  they  said, ‘What’s  the  benefit  to  that?’  I 
said, ‘Well,  let  me  ask  you,  how  do  you  know  that  we’re  com¬ 
plying  with  the  guidelines  that  you’re  setting?  We  give  you  a 
stack  of  papers  to  look  at,  but  how  do  you  actually  know 
that  that  is  meeting  your  requirements?’  So  now  reviews  go 
a  lot  faster. 


What  metrics  do  you  use  to  gauge  the  effective¬ 
ness  of  security  automation? 

Jones:  I  had  one  senior  leader  tell  me  it’d  be  really  nice  to 
talk  about  how  many  virus  attempts  were  thwarted  in  the 
environment  on  a  monthly  basis.That  sounds  like  a  neat  sta¬ 
tistic,  but  what  does  that  statistic  mean?  How  do  we  translate 
that  into  revenue  generation  within  my  overall  framework? 
There  are  a  lot  of  things  we  can  pull  out  of  the  environment, 
but  in  the  end,  my  difficulty  is  generating  metrics  that  are 
truly  meaningful  to  the  people  that  are  asking  for  them. 

Has  security  automation  changed  your  role? 

Donnelly:  Automation  brings  visibility  to  the  need  for 
security  at  a  higher-than-ever  level.  When  you’re  trying  to 
automate  these  processes, you  need  to  get  capital  funding, 
you  need  to  add  to  your  budgets  to  put  on  additional  per¬ 
sonnel  —  you’re  not  getting  clerks  anymore;  you’re  getting 
people  pushing  six  figures.  So  that  draws  a  lot  of  attention. 
The  positive  thing  is  that  this  has  been  driven  by  executives 
being  sensitive  to  the  auditors  and  driven  by  Sarbanes- 
Oxley  and  the  regulators’ influence  over  the  boards  and  the 
finance  committees.  Security  has  become  more  than  just 
an  issue  of  passwords  and  is  now  a  whole  different  level. 
That’s  a  challenge  for  everybody  in  security  to  rise  to. 

Gittlen  is  a  freelance  technology  editor  in  Northboro,  Mass. 
She  can  be  reached  at  sgittlen@charter.net. 


Today,  Dave  securely  managed 
the  UK,  Chicago  and  St.  Louis 
leaving  his  daughter’s  recital. 
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With  the  best-of-breed  security  in  Avocent  DSView  R  3  software,  the  world  can  finally  revolve  around  you. 

DSView  3  software  empowers  you  to  securely  manage  your  entire  data  center  -  even  when  you’re  thousands  of  miles 
away.  Avocent’s  exclusive  security  features,  like  virtual  media  support,  ensure  that  only  authorized  users  can  access  your 
devices.  And  we  extend  secure  access  and  control  to  your  “lights  out”  operations,  too.  Let  others  talk  about  security. 
Only  Avocent  field-proven  security  gives  you  true  peace  of  mind. 
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Learn  how  Avocent  can  help  make  your  data  center  more  secure. 

To  get  this  FREE  White  Paper,  visit  www.avocent.com/securitytoday 
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BETH  SCHULTZ 


When  you  work  on  the  nation's  largest  and  most  diverse  trading  net¬ 
work,  the  Chicago  Mercantile  Exchange's  sprawling  Globex  infra¬ 
structure,  keeping  systems  in  synch  is  a  change-management 
challenge  extraordinaire.  Any  slip-up  on  the  roughly  150  changes 
performed  during  the  average  week  could  have  a  big  financial  consequence. 


MA  T THE  W  GILSON 


The  types  of  changes  needed  to  keep  Globex  at  its  best 
I  vary  widelyA  router  operating  system  might  need  updating, 


servers  might  need  reconfiguring  ora  new  feature  might  be 

See  Chicago  Mercantile,  page  76 
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The  Chicago  Mercantile  Exchange  uses  auto 
mated  change  management  to  ensui 
online  trades  never  stall. 
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-  HEATHER  MUNOZ,  director  of 
computing,  Chicago  Mercantile  i 
(with  JOE  PANFIL,  director  of  eii 
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Introducing  the  industry's  only 
90  port  Gigabit  Ethernet  line  card. 
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added  to  a  trading  firm's  online  application, says  Joe  Panfil, 
who  as  director  of  enterprise  technology  services  oversees 
computer  operations,  the  distributed-computing  environ¬ 
ment  and  change-control  processes  at  the  CME.  But  thanks 
to  New  Data  Center  (NDC)  technology  change  manage¬ 
ment  has  become  a  non-issue  for  the  CME. 

CME  now  uses  heavy-duty  modeling  to  gain  more  in- 
depth  views  of  potential  errors  within  its  hardware  and  soft¬ 
ware  environments.  For  the  15  to  30  application-layer  up¬ 
dates  the  CME  makes  weekly  it  uses  BladeLogic's  auto¬ 
mated  change-management  tool  to  roll  changes  in  —  and 
back  out,  if  need  be, says  Heather  Munoz, director  of  distrib¬ 
uted  computing  at  the  exchange. 

Because  the  BladeLogic  Operations  Manager  tool  makes 
changes  easy  and  then  remove  them  when  testing  uncov¬ 
ers  a  problem,  the  rollout/rollback  process  has  become 
commonplace,  Munoz  says.  “Customers  are  constantly 
finding  unique,  esoteric  things  that  they  want  to  bring  to 
the  electronic  side,  but  sometimes  the  result  doesn't  have 
the  look  or  feel  or  interact  quite  the  way  they  want  it  to,” 
she  says. 

And  oftentimes,  rollout/rollback  is  part  of  the  plan, 
Munoz  adds.  As  an  example,  she  cites  setting  aside  three 
consecutive  Saturdays  in  late  January/early  February  for 
updating  a  customer's  trading  engine. She  rolled  out  appli¬ 
cation  updates  after  market  close  on  each  consecutive 
Friday,  then  “the  traders  came  in  on  Saturdays,  and  we  ran 
tests  [across  90  servers  in  a  production  environment]  ,then 
we  backed  out  the  changes”  until  everyone  was  satisfied 
and  the  engine  certified,  she  says. 

Operations  Manager  makes  efficient  what  could  be  a 
complex,  time-consuming  process.  That’s  because  the 
CME  can  bundle  the  changes  required  for  each  server  and 
have  those  updates  done  at  the  same  time  rather  than  on 
an  individual  basis.  IT  builds  the  packages  during  produc¬ 
tion  hours  and  schedules  them  for  rollout  after  the  market 
closes  Friday  at  4  p.m.  Rolling  out  changes  to  a  customer's 
2bserver  environment  might  take  only  4  minutes  total  vs. 
the  30  minutes  per  server  that  would  have  been  required 


with  the  manual  processes,  Munoz  says. 

Since  deploying  BladeLogic's  Operations  Manager  in  the 
fall  of  2004,  the  CME  has  experienced  no  downtime  be¬ 
cause  of  inconsistent  versioning  or  file  configurations, 
Munoz  says.That's  a  big  relief  for  IT,  as  inconsistencies  pre¬ 
viously  would  result  in  outages  and  CME  customers  going 
into  failover  mode,  she  adds. 

Now  with  Operations  Manager,  Munoz  runs  a  command 
to  check  a  new  configuration  against  the  previous  version. 
If  anything  is  off  —  the  size  of  binaries,  for  example  —  the 
tool  issues  an  alert,  and  she  can  initiate  a  rollback.  (For 
such  cases,  Munoz  cautiously  keeps  the  six  previous  con¬ 
figuration  files  on  hand.)  Like  the  rollout  of  an  application- 
layer  change  across  a  trading  firm's  20  servers,  for  exam¬ 
ple,  rollback  would  take  no  more  than  4  minutes,  she  says. 


By  using  the  automated  change-management  system, 
Munoz  finds  that  consistency  and  manageability  of 
Globex  has  increased  even  as  trading  volume  soared.  Over 
the  last  two  years,  the  CME  has  more  than  tripled  the  num¬ 
ber  of  servers  it  operates. 

In  2003,  the  CME  operated  a  mix  of  roughly  900  Unix  — 
ala  Sun  —  and  Linux  servers.  Today,  it  has  about  2,800 
servers.About  500  of  those  are  high-end  Sun  servers  running 
Solaris,  but  the  rest  are  Intel-  or  Advanced  Micro  Devices 
(AMD)-based  commodity  hardware  with  Red  Hat  Linux, 
Panfil  says.  “One  of  the  important  factors  and  big  explana¬ 
tion  of  why  we  need  so  many  servers  is  that  we  use  a  pub- 
lish-subscribe  network  protocol  to  bring  orders  in  and  dis¬ 
seminate  data  on  those  orders  out,”  he  says. 

See  Chicago  Mercantile,  page  78 


management  at  the  CME 


At  the  Chicago  Mercantile  Exchange,  the  onus  of  determining  what 
changes  to  make,  and  when  to  make  them,  falls  on  an  approvals 
board,  which  meets  each  Tuesday  morning  for  a  risk  assessment. 

The  directors  of  enterprise  technology  services,  technical  support 
and  development  make  the  change  decisions.  But  anyone  with  a 
change  request  must  come  to  the  meeting  for  a  quick  run-through  on 
what  they  need  to  make  happen.  “We  rely  on  anyone  else  in  the  room 
to  speak  up  if  they  think  the  change  will  impact  them,"  says  Joe  Panfil, 
director  of  enterprise  technology  services. 

Changes  and  testing  generally  take  place  when  the  market  is  down, 
from  4  p.m.  Friday  until  Sunday  at  noon. The  application  team  does  its 
updates  first,  then  the  network  team  works  on  larger  changes  that 
sometimes  require  that  all  processing  be  complete,  Panfil  says. 

With  all  the  changes  installed  comes  rigorous  systems  testing. 
“Somewhere  in  the  4  to  5:30  a.m.  time  frame  on  Saturday,  we  start  the 
,  servers  for  the  markets  that  would  come  up  at  the  beginning  of  the 

- - - 


workweek  and  start  testing,”  he  says.  If  problems  arise,  the  team  rolls 
back  the  change,  retests  the  original  configuration  and  makes  sure  all 
systems  are  ready  to  go  when  live  trading  begins  at  5  p.m.  Sunday. 
The  team  will  try  to  implement  the  change  on  another  weekend. 

To  accommodate  the  change-management  cycle  and  to  ensure  con¬ 
tinuous  coverage,  the  49-member  operations  team  works  in  three 
shifts  from  Sunday  10  a.m.  until  Saturday  5  p.m. 

The  47  software  and  hardware  systems  administrators  who  provide 
second-level  support  work  in  shifts  from  Sunday  2  p.m.  until  about 
Friday  10  p.m. 

“Both  operations  and  the  software  and  hardware  support  teams  are 
here  Friday  evening  supporting  system  changes,  then  on  a  i  ational 
basis  here  on  Saturday  to  support  testing  of  the  changes  implement¬ 
ed,”  Panfil  says,  noting  that  an  automated  change-management  tool 
makes  the  workweek  far  more  predictable  for  the  IT  teams. 

—  Beth  Schultz 
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It  is  easier 

to  make  things  complex 
than  it  is 
to  make  them 


simple. 


Introducing  CommandCenter®  NOC  and  CommandCenter  Secure  Gateway. 
Managing  IT  infrastructure  just  became  simple. 


Now  businesses  of  any  size  can  improve  service  levels,  spend  less  time  fighting  fires  and  focus  on 
activities  that  help  the  bottom  line.  Raritan’s  new  CommandCenter  management  products  are  the 
only  solutions  available  today  that  combine  the  power  of  systems, 
network  and  proactive  security  management  with  secure,  remote 
KVM  and  serial  console  access.  Learn  more  at  NowlTisSimple.com. 
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So  while  other  businesses  may 
focus  on  server  trends  such  as 
blade  computing,  consolidation 
and  virtualization,  the  CME 
pounces  on  processor  improve¬ 
ments  that  will  speed  the  round- 


trip  trade.  For  example,  it  has  im¬ 
plemented  AMD  dual-core  proces¬ 
sors,  and  is  testing  Sun's  multicore 
processors  in  the  lab. 

That's  not  to  say  Panfil  doesn't 
watch  for  server  sprawl.  He's 
always  on  the  lookout  for  smaller 
processors  with  big  horsepower. 
“We  do  have  processes  in  place 


to  reduce  our  servers  in  our  dis¬ 
aster  recovery,  quality  assurance 
and  development  environments, 
for  example.  And  we  move  off  of 
larger  servers,  as  far  as  frame  size 
goes,  given  space  constraints  in 
the  data  center,”  he  says.  “But  we 
can  never  deny  the  trading  infra¬ 
structure  its  resources.  It's  unac¬ 


ceptable  to  slow  down  an  elec¬ 
tronic  trade.” 

Using  Intel-based  Linux  servers 
has  enabled  the  CME  to  scale  hor¬ 
izontally  in  a  cost-effective  way 
while  executing  customer  trades 
in  increasingly  smaller  time 
frames,  Panfil  says. 

Customer  trades  now  execute 


in  less  than  50  to  60  millisec  on 
average,  the  CME  reports,  com¬ 
pared  with  around  140  millisec  in 
January  2004. 

When  you're  in  this  business, 
every  sliver  of  time  could  be 
worth  a  fortune.  ■ 

Globex  at 
a  glance 

•  The  Globex  infrastruc¬ 
ture  supports  the  near-24- 
hour-a-day,  five-day-a- 
week  online  trading  of 
futures  and  options  on 
futures  products,  such  as 
CME  Eurodollars,  S&P  500 
and  Nasdaq-100  index 
futures. 

•  In  January,  an  average 
daily  volume  of  3.3  million 
contracts  flowed  across 
Globex.  That  volume,  up 
30%  from  the  same  period 
a  year  ago,  represents  71% 
of  total  exchange  trading. 

•  The  average  daily  vol¬ 
ume  figures  represent 
only  matched  trades  — 
the  numbers  are  higher 
when  factoring  in  can¬ 
celed  orders  and  other 
such  transactions.  For 
example,  if  4.7  million  con¬ 
tracts  are  traded  in  one 
day,  the  CME  has  actually 
processed  anywhere  from 
10  million  to  15  million 
transactions. 

•  Customer  trades  now 
execute  in  less  than  50  to 
60  millisec  on  average,  the 
CME  reports,  compared 
with  around  140  millisec  in 
January  2004. 

•  To  support  Globex,  the 
CME  maintains  two  fully 
operational  data  centers 
in  the  Chicago  area,  plus  a 
data  center  in  London  and 
hub  sites  scattered  in 
Europe  and  one  in  Singa¬ 
pore.  A  third  Chicago-area 
data  center,  set  for  com¬ 
pletion  by  year-end,  will 
give  the  CME  more  devel¬ 
opment,  quality  assurance 
and  customer  testing 
facilities. 

—  Beth  Schultz 


Maybe  Trouble  Will  Just  Pass  You  By. 

(then  again...) 


Trouble  may  already  be  lurking  within  your  mission-critical  facility’s  electrical  and  mechanical  infra¬ 
structure.  And  wishing,  waiting,  hoping  and  holding  your  breath  won’t  make  the  problem  go  away... 
but  we  will.  Since  1983,  Lee  Technologies’  high-availability  products  and  services  have  made  us  the 
industry’s  most  respected  provider  of  mission-critical  infrastructure  solutions. 

Lee  Technologies  helps  ensure  maximum  uptime  as  well  as  compliance  with  regulatory  mandates 
such  as  Sarbanes-Oxley  and  HIPAA.  From  products  such  as  Uninterruptible  Power  Supplies  (UPS) 
to  design,  integration,  maintenance  and  monitoring,  we  equip  your  data  center  with  the  strength  and 
resiliency  to  keep  your  facility  up  and  running,  safe  and  sound. 

How  vulnerable  is  your  facility?  For  less  than  the  cost  of  a  minute  of  downtime,  Lee 
will  assess  your  site  and  identify  the  areas  that  put  you  the  most  at  risk  of  downtime.  For 
more  information,  to  schedule  a  Mission-Critical  Infrastructure  Assessment  (MCIA),  or  to 
receive  your  FREE  Guide,  Tiered  Maintenance  Standards  for  Mission- 
Critical  Infrastructure,  call  877-654-9662  or  visit  www.leemaximumuptime.com. 
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maybe  it’s  time 
you  look  at 

AdaptiveKVM” 

When  servers  are  down  or  inaccessible,  you  need 
fast  and  reliable  out-of-band  access  and  control. 

Cyclades  AdaptiveKVM™  (patent  pending)  is  the  industry’s  first 
integrated  solution  that  combines  KVM  over  IP  and  Microsoft® 
Remote  Desktop  Protocol  (RDP)  technology  in  a  single 
appliance.  By  using  KVM  over  IP  combined  with  RDP, 
AdaptiveKVM  provides  continuous  access  for  remote  server 
management. 

Next-Generation  KVM  Solution 


AlterPath™  KVM/netPlus 

....  :•-*  •  . 
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Your  Spot  Cooling  Specialists 
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The  Industry's  First 
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Within  Virtualized  Environments 
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Protecting  VMware  ESX  Servers 
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Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


Features  &  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection  Gqw-* 
Program  Included 
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display  sizes  available 
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Eliminate  your  shop-floor 
PCs  with ... 


If  the  thought  of  finding  a  cobling  solution  is 
making  you  break  but  in  a  cold  sweat,  get  a 
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that’s  right  for  you?  Absolutely! 


The  Office  Pro  series 
provides  maximum 
cooling  for 
heat-sensitive 
equipment. 


COOL 


THE  #1  INNOVATIVE  SPOT  COOLING  SOLUTION 
Visit  movincool.com  or  call  800-264-9573  for  more  information  or  to  find  a  dealer  near  you. 


The  Heartbeat  of  your  Data  Center 

Dualcom  Plus 


cnonemm 


•  Individual  outlet  current  monitoring  •  Intuitive  user  interface 

•  Remote  reboot  and  management  •  SNMP  management 

•  Scheduling/programmable 


CYBER©SWITCHING® 


888-311-6277 

sales@cyberswitching.com 


408-292-0304 
www.  cyberswitch  ing .  com 


The  New  Data  Center 


www.  networkworld .  com/supp/SOOG/ndc/ 


March  SO,  3006 


NDC  insight 


B1 


Wait 

no 

more 

With  vendors  grid-enabling  applications,  and 

early  adopters  delighted,  2006  looks  like  the 
year  of  the  grid. 


BY  JULIE  BORT 

his  is  the  year  that  grid  computing  will  move 
with  a  bang  into  mainstream  corporate 
America,  say  analysts  at  firms  such  as  The  451 
Group.  Businesses  in  biotech,  the  sciences  and  financial 
services  industries  already  have  discovered  that  grids 
are  competitive  necessities. 

Enterprises  in  other  industries  are  expected  to  quickly 
follow  suit  as  they  discover  the  virtues  of  this  New  Data 
Center  server  architecture.  Simply  put,  stitching  together 
inexpensive  hardware  to  gain  supercomputer-like  power 
makes  a  lot  of  business  sense. 

And  yet,  most  enterprises  aren’t  in  dire  need  of  afford¬ 
able  supercomputing  power.  At  least,  they  don’t  realize 
they  are,  which  is  not  the  same  thing. 

Most  network  executives  haven’t  taken  enough  time  to 
experiment  with  grids  to  discover  which  of  their  current 
applications  could  benefit  from  this  type  of  server.  Why 
should  they,  when  servers  are  inexpensive  (price/per¬ 
formance-wise)  and  getting  more  affordable  all  the 
time?  Throwing  hardware  at  an  overloaded  application 
has  been  the  go-to  solution  for  the  past  decade.  Today 

blade  servers  and 
virtualization  soft¬ 
ware  are  helping 
to  solve  the  prolif¬ 
eration  crises  that 
such  inelegant 
CPU  management 
has  caused. 

But  after  you’ve 
virtualized  your 
infrastructure  so  one  physical  server  can  support  20  vir¬ 
tual  servers,  what  then?  Do  you  continue  to  glob  on  virtu¬ 
al  servers  with  the  same  mentality  that  caused  the  need 
for  virtualization  in  the  first  place?  If  there’s  one  lesson  we 
should  have  learned  from  the  client/server  revolution,  it  is 
that  inelegance  is  not  sustainable.This  is  true  even  on  the 
virtual  level. 

You  have  a  golden  window  of  opportunity  right  now. 
You  can  ignore  it  and  then  one  day  wake  up  suffering 
from  the  pain  of  an  overloaded,  outdated  infrastructure 
that  is  handing  business  to  your  competition.  Or  you 
can  gather  data  from  your  key  vendors  on  their  grid 
plans  and  use  this  research  to  architect  a  low-cost,  ex¬ 
perimental  grid. 

The  fact  that  your  no-grid  grace  period  is  about  to  expire 


.  .  .  most  enterprises 
aren’t  in  dire  need  of 
affordable  supercomputing 
power.  At  least,  they  don’t 
realize  they  are,  which  is 
not  the  same  thing. 


shouldn’t  surprise  you.The  general  assumption  of  the  net¬ 
work  industry  has  been  that  grids  will  become  the  de 
facto  server  infrastructure  for  enterprises  in  the  vague 
near  term. The  many  early  adopters  I’ve  talked  to  in  three 
years  of  covering  emerging  technologies  for  our  New 
Data  Center  series,  plus  the  research  numbers,  are  con¬ 
vincing.  Grid  users  consistently  testify  that  after  building  a 
grid  to  solve  a  specific  problem,  they  found  it  to  be  a  per¬ 
fect  platform  for  more  applications.  To  know  a  grid  is  to 
love  it,  early  adopters  say 

As  users  gain  experience,  they  realize  that  grids  may  be 
the  ideal  hardware  platform  to  support  a  Web  services/ 
services-oriented  architecture  (SOA)  platform.  Flexible 
software  needs  flexible  hardware.  This  has  not  been  lost 
on  the  grid  vendor  community  The  Global  Grid  Forum 
has  been  working  for  more  than  three  years  on  method¬ 
ologies  for  running  SOAs  on  grids.  Its  reference  frame¬ 
work  for  doing  this,  the  Open  Grid  Services  Architecture, 
was  published  in  January  2005. 

Many  major  enterprise  application  vendors  already 
have  a  compelling  grid  story  to  tell.  Oracle  has  been  push¬ 
ing  the  grid  terminology  around  for  quite  a  while.  But  it 
also  has  partnered  with  grid  software  maker  DataSynapse 
so  that  Oracle  lOg  can  be  optimized  for  that  vendor’s 
grids.  SAP  has  taken  a  more  promising  approach  by  re¬ 
designing  portions  of  its  software  to  work  with  open 
source  Globus-based  grids.  Insiders  say  enterprise  soft¬ 
ware  on  an  open  source  grid  will  jump-start  enterprise 
acceptance  of  grids  in  2006. 

Meanwhile,  testing  grids  for  hire,  such  as  the  computing 
infrastructure  available  at  United  Devices’  High-Per¬ 
formance  Computing  Collaboration  Center, are  beginning 
to  emerge. 

Increased  cooperation  among  grid  standards  bodies 
also  bodes  well  for  this  young  technology  In  November, 
two  leading  standards  bodies  announced  they  were  in 
talks  to  collaborate  better  and  said  they  may  merge  by 
summer. 

These  are  the  Enterprise  Grid  Alliance,  which  has 
focused  on  enterprise  grid  architectures,  and  the  Global 
Grid  Forum,  historically  aimed  at  scientific  grid  standards. 

All  of  this  can  only  be  good  news  for  your  own  ad¬ 
vanced,  flexible  and  superpowerful  infrastructure. 

Have  you  built  a  business  grid  you'd  like  to  tell  us 
about?  Contact  me  at  jbort@nwLV.com. 


Transition  Networks  sharpens  your  ability  to  do  smart  business  with 
modular  conversion  solutions  that  give  you  the  control  to  expand 
your  network  by  user,  distance,  or  protocol.  Put  us  between  your 
copper  and  fiber  for  a  secure  and  smooth  response  to  your 
networking  issues.  Our  media  converters  economically  accommodate 
multiple  protocols,  platforms  and  interfaces.  Contact  Transition 

Networks  and  take  dead  aim  at  doing  business  even  better. 

.TRANSITION^ 

NETWORKS® 

www.transition.com 

800-526-9267 

TRANSITION  NETWORKS 

FOR  ME. 
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Juggling  acts 

Healthcare  system  upgrades  infrastructure  to  keep  up  with  new  strategic  applications. 


BY  CARA  GARRETSON 

For  Community  Medical  Centers,  a  recent  move  to 
a  filmless  environment  has  had  multiple  business 
benefits.The  traditional  method  —  placing  images 
such  as  X-rays,  MRIs  and  ultrasounds  on  film  —  was 
expensive  and  time-consuming.  Two  years  ago  the  non¬ 
profit  hospital  group  began  moving  to  a  system  that 
would  let  those  images  traverse  the  network  so  techni¬ 
cians,  doctors  and  other  medical  staff  from  just  about 
anywhere  could  gain  access  to  them. 


Richard  Cummins,  Community  Medical 
Centers’  manager  of  network  services,  had 
questions  about  how  these  large  files 
would  affect  network  performance.  How 
would  the  organization,  which  operates  30 
hospitals,  clinics,  long-term  care  centers 
and  other  medical  facilities  in  central  Cali¬ 
fornia  from  its  headquarters  in  Fresno,  store 
and  archive  these  very  large  images? 

Implementing  this  project,  called  Picture 
Archival  Computer  System  (PACS),was  not 
Cummins’  direct  responsibility;  it  fell  on  the 
shoulders  of  the  business  applications  unit 
of  the  104-employee  IT  department.  But  the 
effect  large  imaging  files  would  have  on  the 
organization’s  network  and  storage  was 
indeed  Cummins’  problem. 

To  prepare  for  the  move  to  PACS, 
Cummins  reviewed  the  project  require¬ 
ments  and  assessed  the  existing  network, 
pinpointing  areas  where  additional  re¬ 
sources  would  be  needed.  He  discovered 
all  but  one  of  the  medical  group’s  locations 
could  handle  the  100MB  network  connec¬ 
tion  PACS  would  require;  that  location  was 
upgraded  from  a  45MB  to  a  1GB  connec¬ 
tion,  he  says.  He  purchased  a  second  HP 
modular  storage  array  with  14TB  of  Tier  2 
storage,  as  well  as  two  additional  4GB  Bro¬ 
cade  storage-area  network  (SAN)  switches 
and  an  HP  ESL  712  for  tape  backup.  The 
organization  also  installed  diagnostic  work¬ 
stations  for  radiologists’  use,  all  with 
resources  budgeted  for  PACS. 

The  architecture  behind  PACS  was  imple¬ 


mented  last  May  and  the  rollout  to  all  of 
Community  Medical  Centers’  facilities  was 
finished  in  November.  Overall,  PACS  cost  $8 
million  over  five  years;  the  infrastructure 
was  $1  million  of  that  figure, Cummins  says. 

The  ROI  was  instantaneous,  he  adds:  “The 
same  day  a  facility  went  live  [with  PACS] , 
radiologists  stopped  using  film  and  signifi¬ 
cantly  reduced  the  time  it  took  to  read  a 
study’ Although  the  organization  declined 
to  specify  how  much  money  PACS  has 
saved,  officials  refer  to  significant  reduc¬ 
tions  in  hard  costs  —  including  eliminating 
film  and  film  processing  expenses,  as  well 
as  the  cost  of  film  jackets  and  storage  —  in 
addition  to  soft  costs,  such  as  the  staff  time 
spent  looking  for  film  and  retaking  over-  or 
underexposed  X-rays. 

PACS  was  one  of  three  strategic  IT  initia¬ 
tives  going  on  simultaneously  at  Commun¬ 
ity  Medical  Centers  that  had  a  significant 
impact  on  the  organization’s  IT  infrastruc¬ 
ture.  The  second  was  the  move  to  electron¬ 
ic  medical  records,  completed  just  over  a 
year  ago,  which  makes  it  possible  for  physi¬ 
cians  to  sign  off  a  patient’s  chart  digitally 
and  remotely  The  third  was  a  physicians’ 
portal  launched  last  October  that  puts  all 
the  data  doctors  affiliated  with  the  organi¬ 
zation  need  in  one  central  location. These 
have  cost-saving  and  competitive  benefits, 
similar  to  those  PACS  provides,  but  they  also 
seriously  affected  the  network,  he  says. 

It  took  more  planning  than  simply  beef¬ 
ing  up  the  network  and  storage  systems  to 


prepare  for  all  these  projects.  It  required 
strategic  thinking  to  get  the  healthcare  sys¬ 
tem’s  infrastructure  to  a  point  where  it  can 
handle  new  applications  effectively  and  in 
a  cost-efficient  manner. 

For  example, “a  year  before  these  projects 
went  live,  Rich’s  team  had  to  redesign  how 
our  storage  architecture  looked,”  says 
George  Vasquez,  interim  CIO  and  director 
of  technology  services,  to  whom  Cummins 

reports.  “Disk  storage  is  very  expensive _ 

Once  a  patient  is  no  longer  in  the  hospital 
[large  image  files]  are  put  onto  cheaper 
solutions.  So  there’s  constant  movement 
from  primary  to  archival  storage  to  disaster 
recovery;  we  use  a  combination  of  disk  and 
tape.” 

Understanding  and  planning  for  the 
impact  strategic  applications  have  on  an  IT 
infrastructure  is  crucial,  but  not  all  that 
common, says  one  consultant.“You’d  be  sur¬ 
prised  how  few  organizations  really  do  a 
good  job  linking  their  [project]  portfolio 


management  and  investment  planning 
with  their  enterprise  architecture,”  says 
Dennis  Gaughan,  research  director  with 
AMR  Research. 

Cummins  makes  sure  someone  from  his 


11-person  network  services  group  is  inv¬ 
olved  in  each  new  IT  project.“We  can’t  just 
say, ‘Here’s  the  server,  go  install  your  appli¬ 
cation’  each  time  there’s  a  business  or  clini¬ 
cal  project.  Someone  from  the  infrastruc¬ 
ture  team  has  to  be  on  that  project,” 
Cummins  says. 

Community  Medical  Centers’  IT  depart¬ 
ment  spends  65%  of  its  time  maintaining 
the  existing  architecture,  30%  on  new  pro¬ 
jects  and  5%  on  training.“We  know  we  can’t 
do  all  of  these  projects  and  keep  the  sys¬ 
tems  running”  without  such  a  strong  focus 
on  maintenance, Vasquez  says. 

By  doing  his  part  to  keep  Community 
Medical  Centers’  IT  infrastructure  on  pace 
with  strategic  projects,  Cummins  is  helping 
the  organization  remain  competitive. 
Upcoming  plans  include  rolling  out  elec¬ 
tronic  medical  records  to  its  clinics,  bring¬ 
ing  a  new  imaging  center  online  and 
upgrading  its  hospital  information  system 
applications. 


“We’ve  created  an  environment  where,  if 
physicians  want  to  come  here  to  practice 
we  give  them  the  best  facilities  —  operating 
rooms,  nursing  staff  —  and  the  best  infor¬ 
mation  systems  as  well,”  Cummins  says.  B 


Richard  Cummins,  left,  Community  Medical  Centers’  manager  of  network  services,  and  George 
Vasquez,  interim  CIO  and  director  of  technology  services,  work  together  to  ensure  the  organiza¬ 
tion's  infrastructure  is  ready  for  new  projects. 
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Centrally  Discover,  Support  and 
Manage  your  Systems.  Anywhere. 


Do  you  know  where  your  oldest  computer  is?  Need  to  locate  and  upgrade  your 
Windows  98  systems?  Are  you  overpaying  on  unused  software  licenses?  Which 
employees  are  spending  the  most  time  surfing  the  web?  Find  out  fast  with 
NetSupport  DNA. 


Managing  your  company's  IT  assets  means  more  than  just  selection  and 
maintenance.  Reporting,  inventory,  deployment  and  forecasting  are  also  part  of  the 
job.  NetSupport  DNA  is  an  easy  to  use  IT  asset  management  solution  that  provides 
you  with  the  tools  you  need  to  get  to  know  your  network. 


Unlike  other  solutions,  NetSupport  DNA  does  not  require  certified  training  or  have  a 
complex  implementation  path.  It  offers  all  of  the  functionality  you’d  expect  from  an 
award  winning  asset  management  suite,  but  with  only  a  30  minute  implementation 
path. 


NetSupport  DNA  combines  powerful  hardware  and  software  inventory  with  software 
distribution,  application  and  internet  metering,  pc  remote  control,  enterprise 
reporting  and  a  web-based  help  desk  solution. 
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NetSupport 


What's  on  your 

etwork? 


Find  out  with  NetSupport. 


Visit  www.netsupport-inc.com  and  download  a  full  trial  license  today. 
And  in  30  minutes  start  viewing  your  vital  Asset  Information. 


Sales:  1-888-665-0808 

www.netsupport-inc.com 


SERVERS  WITHIN  YOUR  REACH 


LOCAL  OR  REMOTE  SERVER  MANAGEMENT  SOLUTIONS 


UltraMatrix™ 

Remote 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


UltraMatrix™ 

E-series 


■  PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


KVM  OVER  IP 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


KVM  SWITCH 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  units 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models 

Easy  to  expand 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 
1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2x4,  2x8,  2x16, 
4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform. 


KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 


RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
server  rooms  and  multiple  computers. 

The  RackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contains  a  high-resolution  TFT/LCD  monitor,  a 
tactile  keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 


XtendVue 

Vertical  Rack  mountable  LCD 
With  Built-in  KVM  Extender 


RackView 

Fold-Forward 


RackView 

Fold-Back 


RackView 
LCD  Monitor 


RackView 


Keyboard 


800-333-9343 

WWW.ROSE.COM 


# 


ELECTRONICS 


POSE  US  281  933  7673 

ROSE  EUROPE  +44  (0)  1264  850574 
ROSE  ASIA  4  65  6324  2322 

ROSEAU  ’P ALIA  +617  3388  1540 


I  need  modular  racks  that  I  can  reconfigure  quickly. 

I  need  to  pull  12,000  feet  of  optical  fiber  and  add  700 
rack  units  of  new  hardware — by  Friday. 


A  Pentair  Company 


I  need  Hoffman. 


Get  datacom  protection  and  storage  built  to  meet  demanding  standards. 

More  technology  professionals  turn  to  Hoffman  for  their  networking  equipment  needs.  Hoffman  offers: 

■  The  broadest  range  of  innovative  racks,  cabinets,  cable  management  solutions  and  network  accessories. 

■  Comprehensive  online  configuration,  planning  tools  and  project  management  support. 

■  The  most  standard  product  modification  options  in  the  industry. 

■  Expert  solutions  in  thermal  management,  EMI/RFI  shielding,  seismic  vibration  and  extreme  environments. 

■  Fast  ordering  and  local  availability. 

Get  everything  you  need — when  you  need  it — from  one  source  you  can  trust.  Hoffman. 


Hoffman.  What  your  work  demands. 


www.ehoffman.com 
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SiiiMPol  Power  on  Any  AC 
Poured  Device ... 

Via  Web  Browser,  Telnet, 

Modem  or  Local  Terminal 

Servers,  routers,  and  other  electronic  equipment  occasionally 
“lock-up”,  often  requiring  a  service  call  to  a  remote  site  just  to 
flip  the  power  switch  to  perform  a  simple  reboot.  With  WTI’s 
Remote  Power  Switches,  you  can  perform  reboot  and  On/Off 
control  from  anywhere! 

(v)  Web  Browser  Access  for  Easy  Setup  and  Operation 

(>2)  Vertical  or  Horizontal  Zero  U  Space  Mounting  Options 

(v)  Dual  15  or  20  Amp  Power  Circuits 

(v)  Switch  up  to  8,320  Watts 

©  1 1 5  VAC  Models  -  NEMA  5-1 5R  Outlets 

(y)  208/230  VAC  Models  -  IEC320-C13  Outlets 

(v)  Up  to  Sixteen  (16)  Individual  Outlets 

©  Power-Up  Sequencing 

(J7)  RS232  Modem/Console  Port 

(v)  Accepts  Standard  C-19  to  L5/6-20P  Power  Cords 


Yes,  We  are  Customer  Friendly! 

/  Two  Year  Warranty 

V  We  Stock  for  Same  Day  Shipment 

V  30  Day  Return  Policy 

V  Call  or  Email  lor  an  Online  Demo 


IPS- 1600 


Dual 

Power 

Inputs 
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Model 

NBB-1600 

www.wti.com 


western  telematic  incorporated 

5  Sterling  *  Irvine  »  California  •  92618-2517  «  (800)  854-7226 
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Web  Browser  Interface 
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SENSAPHONE 

IMB-4DDQ 


Monitor  the  REST  of  your  Computer  Room! 

T- 


Water  on  the  Floor 

Temperature 

Power  Problems 

Security 

Smoke  and  Fire 

Humidity 

Video 

And  much  more 
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Sends 


Dealers  Wan  tea 
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Internal 

UPS 


ONE  PHONE  SYSTEM 

for  many  branch  offices 


EXTend  your  PBX  to  any  SZZtx 

■  llHHl  conumiititims  A  Cltel  Company 

remote  location  with: 

Seamlessly  connect  remote  sites  to  your  main  PBX  over  Tl,  IP, 
ISDN,  Frame  Relay,  Cable  Modem,  DSL.  Compatible  with:  Norstar, 
Meridian,  Definity,  Panasonic  DBS,  Toshiba,  NEC. 


Tl  or  IP 


BRANCH 

OFFICE 

CSU/DSU 

Extender 

6000 

»  mm 

PHONES 


CORPORATE  OFFICE 


CSU/DSU 


PBXgateway 


PERFECT  FIT  FOR  BRANCH  OFFICES, 
TELECOMMUTERS,  MOBILE  EMPLOYEES 


New,  Refurb,  Installation,  Support 


|  rickenbacker| 


communications 


MCK  Certified  Service  Provider 

11  Chestnut  Street,  S-4,  Andover,  MA  01810 
phone  -  978.475.7200  fax  -  978.428.6200 
www.rickenbackercommunications.com 
Email:  tom@rickenbackercommunications.com 


Current  sniffer  can't  keep  up? 


Clear  out  problems  with  Observer  11.  Now  with  enterprise  strength  VoIP  analysis.  New  features  include  an  enhanced 
VoIP  Expert,  Quality  Scoring,  Call  Detail  Records,  MultiHop  Analysis,  and  64-bit  Windows  support.  It's  time  to  reset  your  analyzer. 


NETWORK’ 

INSTRUMENTS 


Wired  to  wireless,  LAN  to  WAN ,  One  network  -  complete  control. 


US  &  Canada  UK  &  Europe 

toll  free  800.526.5958  +44  (0)  1 959  569880 

www.networkinstruments.com/analyze 


enhanced  VoIP  support 


OBSERVER' 


Increase  your  data  center  availability 


...with  APC  Rack  Power  Distribution 


Avoid  overloading  circuits 

Monitor  the  current  draw  as  you  install  equipment 

Protect  circuit  from  unauthorized  use 

Turn  outlets  off  when  not  in  use 

Avoid  in-rush  current  overload 

Outlets  are  turned  on  sequentially 

Manage  power  via  Network  Interfaces 

Built-in  Web,  SNMP,  Telnet  support 

Power  Distribution  Units 

•  Basic:  Vertically  and  horizontally  mounting  with  a 
range  of  amps  and  voltages 

•  Metered:  Ability  to  monitor  the  current  draw  and 
set  alarm  thresholds  that  when  exceeded,  provide 
both  visual  and  audible  alarms 

•  Switched:  Advanced,  remote  power  distribution 
and  control.  User  configurable.  Users  can  configure 
the  sequence  in  which  power  is  provided  to 
individual  receptacles  upon  start  up. 


Enter  to  WIN  a  FREE  APC  Rack  PDU  today. 

Visit  http://promo.apc.com  Key  Code  i379x  •  Call  888-289-APCC  x6831  •  Fax 40 1-788-2797 

©2005  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA 


APC's  advanced  power  distribution  units 
distribute,  monitor  and  remotely  control 
power  in  rack  enclosures. 

Now  you  can  remotely  control  power  to 
individual  outlets  and  monitor  aggregate 
power  consumption  via  local  and  remote 
displays.  Access,  configure  and  control  the 
APC  Switched  Rack  PDU  through  Web, 
SNMP  orTelnet  interfaces. 

From  basic  power  distribution  to  controllable 
outlets,  APC  has  solutions  up  to  14.4  kW  to 
fit  your  IT  environment  needs.  See  our  entire 
line  of  rack  PDUs  online  at  www.apc.com. 


Every  product  carrying  this  mark  has  been 
tested  and  certified  for  use  with  InfraStruXure 
architecture.  Before  you  buy,  check  for  the  X  to 
guarantee  product  compatibility. 


With  over  15  million 
satisfied  customers, 
APC's  Legendary  Reliability™ 
guarantees  peace  of  mind. 


Legendary  Reliability* 


AX4A05EP-US 


_ 


croearch 


Instantly  Search  j 

Terabytes  ofJext_ 


images 


‘Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single  index 
and  returns  results  in  less  than  a  second”  —  InfoWorld 

♦  over  two  dozen  indexed,  unindexed,  fielded  data  and  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF,  while  displaying  links,  formatting  and 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet,  email  and 
attachments,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 

♦  Spider  supports  static  and  dynamic  Web  content,  with  WYSWYG  hit-highlighting 

♦  optional  API  for  C++,  .NET,  Java,  SQL,  etc.  Ask  about  new  .NET  Spider  API 


dtSearch  vs.  the  competition: 
“dtSearch  easily  overpowered  the 
document  indexing  and  searching 
abilities  of  other  solutions,  especially 
against  large  volumes  of  documents” 

Reliability:  “dtSearch  got  the  highest 
marks  from  our  systems  engineering 
folks  that  I've  ever  heard  of” 

Results:  “customer  response  has  been 
phenomenal” 

For  hundreds  more  reviews  and  developer 
case  studies,  see  www.dtsearch.com 

Contact  dtSearch  for  fully-functional 
evaluations 


‘For  combing  through  large  amounts  of 
data,  dtSearch  ...  leads  the  market” 

—  Network  Computing 

‘Blindingly  fast”  —  Computer  Forensics: 
Incident  Response  Essentials 

‘Super  fast,  super-reliable” 

—  The  Wall  Street  Journal 

‘A  powerful  arsenal  of  search  tools” 

—  The  New  York  Times 

‘Powerful  Web-based  engines”  —  eWeek 
‘Blazing  speeds” 

—  Computer  Reseller  News  Test  Center 

‘The  most  powerful  document  search  tool 
on  the  market”  —  Wired  Magazine 


The  Smart  Choice  for  Text  Retrieval®  since  1991 
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networkTAPs© 


TAP  Into  Your  Network 


Only  a  TAP  can  provide  a  complete  copy  of  data  from  full-duplex  links  at  line  rate  for 
monitoring  devices.  Without  a  TAP,  a  monitoring  device  may  be  fed  incomplete  and 
misleading  information-creating  false  positives  and  overlooking  network  problems 
that  actually  do  exist.  Visit  www.networkTAPs.com/visibility  today. 


Copper nTAPs 

10/100 . $395 

10/100/1000 . .$£#.....$795 


Copper  to  Optical 
Conversion  nTAPs 

SX  or  LX . $1,495 


i 


Optical  nTAPs 

One-Channel . $395\...$  295 

Two-Channel . 5? ....$575 

Three-Channel  ,...$'U^  ....$845 


'  iearn  mere  about  how  nTAPs  can  boost  your  network  visibility,  which  configuration  option 
is  best  for  you,  and  to  check  out  new  pricing  go  to  www.networkTAPs.com/visibility 
or  call  866-GET-nTAP  today.  Free  overnight  delivery* 


F€  C€ 


•Free  overnight  delivery  on  all  U.S.  orders  over  $295  confirmed  before  12  p.m.  Central  Time. 
nTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LlC. 


nTAP 


MiniGoose 

Climate  Monitor 
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Network  World  by  ordering  reprints  of 
your  editorial  mentions.  Reprints 
make  great  marketing  materials  and 
are  available  in  quantities  of  500 
and  up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399- 
1900  x128  or  E-mail:  networkworld@reprintbuyer.com. 


■  Network  World.  Inc. 

118Turnpike  Road,  Southborough,  MA  01772 
Phone: (508) 460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 


■  Sales  Offices 

Carol  Lasker,  Executive  Vice  President,  Sales 
Jane  Weissman,  Sales  Operations  Manager 
Internet:  clasker,  jweissman@nww.com 
(508)  480-3333/FAX:  (508)  460-1237 _ _ _ 


Evilee  Ebb,  CEO/Publisher 
John  Gallant,  President/Editorial  Director 
W.  Michael  Draper,  Chief  Operating  Officer 
Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Betty  Amaro-White,  Event  Finance  Manager 

HUMAN  RESOURCES 

Eric  Cormier,  Human  Resources  Manager 

CUSTOM  MEDIA 

Michael  Siggins,  Associate  Publisher/Custom  Media 

MARKETING 

TerryAnn  Fitzgerald,  Sr.  Director  of  Customer  Experience 
Jeanne  Seltzer,  Marketing  Communications  Manager 
Barbara  Sullivan,  Senior  Research  Analyst 
Judy  Schultz,  Marketing  Design  Manager 
Cindy  Panzera,  Marketing  Designer 
Deborah  Vozikis,  Design  Manager  Online 
PRODUCTION  SERVICES 

Greg  Morgan,  Senior  Director,  Production  Services 
Karen  Wallace,  Senior  Director,  Advertising  Operations 
Mike  Guerin,  Manager  of  ProductionTechnologies 
JamiThompson,  Sr.  Production  Coordinator 
Veronica Trotto,  Online  Operations  Coordinator 
Jane  Wilbur,  Online  AdTraffic  Coordinator 
Maro  Eremyan,  Advertising  Coordinator 
Christina  Pankievich,  Advertising  Coordinator 
CIRCULATION 

Richard  Priante,  Senior  Director  of  Circulation 
Bobbie  Cruse,  Subscriptions  Manager 

RESEARCH 

Ann  MacKay,  Research  Director 

DISTRIBUTION 

Bob  Wescott,  Distribution  Manager/(508)  879-0700 
IDG  LIST  RENTAL  SERVICES 

Amy  Bonner,  Account  Executive 

P.O.  Box  9151,  Framingham,  MA  01701-9151 

Toll  free:  (800)  434-5478  ext.  6026/Direct:  (508)  370-0826 

Fax:  (508)  370-0020 

SEMINARS.  EVENTS  AND  IDG  EXECUTIVE  FORUMS 

Neal  Silverman,  ExecutiveV.  P.,  Events  &  Executive  Forums 

Mike  Garity,  Sr.  Director,  Marketing  &  Bus.  Development 

Dale  Fisher,  Director  of  Operations 

Jacqueline  DiPerna,  Senior  Event  Coordinator 

Karen  Bornstein,  Account  Executive 

Danielle  Bourke,  Event  Operations  Coordinator 

Andrea  D’Amato,  Sr.  National  Sales  Director 

Kristin  Ballou-Cianci,  Regional  Account  Director 

Jennifer  Sand,  Regional  Account  Manager 

Cedric  Fellows,  Regional  Account  Manager 

Grace  Moy,  Exhibit  Sales  Manager 

Debra  Becker,  Dir.,  Marketing  &  Audience  Development 

Sara  Nieburg,  Senior  Marketing  Manager 

Cassandra  Valentine,  Registration  &  Customer  Service  Mgr. 

Buster  Paris,  Marketing  Specialist 

ONLINE  SERVICES 

Kevin  Normandeau,  Exec.  Vice  President/General  Mgr.,  Online 

Dan  Gallagher,  Sr.  Director,  Audience  Development 

Mary  Mclntire,  Sr.  Manager,  Audience  Development 

Norm  Olean,  Director  of  Business  Development,  Online 

Adam  Gaff  in,  Executive  Editor,  Online 

Melissa  Shaw,  Managing  Editor,  Online 

Jason  Meserve,  Multimedia  Editor 

Sheryl  Hodge,  Associate  Online  News  Editor 

Jennifer  Moberg,  Online  Marketing  Program  Manager 

Chrystie Terry,  Manager  of  Online  Audience  Development 

CLIENT  SERVICES 

Sharon  Stearns,  Director  of  Client  Services 
Frank  Coelho,  Client  Services  Manager 
Leigh  Gagin,  Client  Services  Manager 
Julie  Steiner,  Client  Services  Manager 

INFORMATION  SYSTEMS 


New  York/New  Jersey 

Tom  Davis,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Account  Director 
Agata  Joseph,  Sr.  Account  Coordinator 
Internet:  tdavis,  elisas,  ajoseph@nww.com 
(201)  634-2300/FAX:  (201)  634-9286  

Northeast 

Elisa  Della  Rocco,  Regional  Account  Director 

Internet;  elisas@nww.com 

(508)  460-3333/FAX:  (508)  460-1237  

Mid-Atlantic 

Jacqui  DiBianca,  Regional  Account  Director 
Renee  Wise,  Account  Coordinator 
Internet:  jdibian,  rwise@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 

Midwest/Central 

Tom  Davis,  Associate  Publisher,  Eastern  Region 
Agata  Joseph,  Sr.  Account  Coordinator 
Internet:  tdavis,  ajoseph@nww.com 
(201)  634-2314/FAX:  (201)  712-9786 

Southeast 

Don  Seay,  Regional  Account  Director 
Renee  Wise,  Account  Coordinator 
Internet:  dseay,  rwise@nww.com 
(404)  504-6225/FAX:  (404)  504-6212  

Northern  Gaiifornia/Northwest 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Karen  Wilde,  Regional  Account  Director 
,  Courtney  Cochrane,  Regional  Account  Director 
Vanessa Tormey,  Regional  Account  Manager 
Jennifer  Hallett,  Account  Coordinator 
Cyril Talusan,  Account  Coordinator 
Internet:  skupiec,  kwilde,  ccochrane,  vtormey,  ctalusan, 
jhallett@nww.com 
(510)  768-2800/FAX:  (510)  768-2801  

Southwest/Rockies 

Becky  Bogart,  Regional  Account  Director 
Internet:  bbogart@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 

Online/Integrated  Solutions 

Kevin  Normandeau,  Exec.  Vice  President/General  Mgr.,  Online 

Susan  Cardoza,  Associate  Publisher,  Online 

Scott  Buckler,  Online  Account  Director 

Stephanie  Gutierrez,  Online  Account  Manager 

Debbie  Lovell,  Online  Account  Manager 

Kate  Zinn,  Online  Account  Director 

Denise  Landry,  Account  Coordinator 

LisaThompson,  Account  Coordinator 

Internet:  knormandeau,  scardoza,  sbuckler,  sgutierrez, 

dlovell,  kzinn,  dlandry,  lthompson@nww.com 

(508)  460-3333/FAX:  (508)  861-0467 _ _ 


MARKETPLACE/EMERGING  MARKETS 

Donna  Pomponi.  Director  of  Emerging  Markets 

Enku  Gubaie,  Manager  of  Marketplace/Emerging  Markets 

Caitlin  Horgan,  Manager  of  Marketplace/Emerging  Markets 

Chris  Gibney,  Sales  Operations  Coordinator 

Internet:  dpomponi,  egubaie,  chorgan,  cgibney@nww.com 

(508)  460-3333/FAX:  (508)  460-1192 


W.  Michael  Draper,  Chief  Operating  Officer 
Tom  Kroon,  Director  of  Systems  Development 
Anne  Nickinello,  Senior  Systems  Analyst 
Puneet  Narang,  Manager  of  DatabaseTechnologies 
William  Zhang,  Senior  Software  Engineer 
Manav  Sehgal,  Senior  Software  Engineer 
Prashanth  Menon,  Database  Support  Specialist 
Rocco  Bortone,  Director  of  Network  IT 
Peter  Hebenstreit,  Senior  Network/Telecom  Engineer 
Brian  Wood,  Senior  Systems  Support  Specialist 
David  Mahoney,  Systems  Support  Specialist 
BUSINESS  SERVICES 

Mark  Anderson,  Business  Services  Supervisor 
Linda  Cavanagh,  Business  Services  Administrator 


■  IDG 

Patrick  J.  McGovern,  Chairman  of  the  Board 
Bob  Carrigan,  President,  IDG  Communications 

Network  World  is  a  publication  of  IDG,  the  world's  largest 
publisher  of  computer-related  information  and  the  leading 
global  provider  of  information  services  on  information  tech 
nology.  IDG  publishes  over  300  computer  publications  in  85 
countries.  One  hundred  million  people  read  one  or  more  IDG 
publications  each  month.  Network  World  contributes  to  the 
IDG  News  Service,  offering  the  latest  on  domestic  and  inter- 
national  computer  news. 


90  *  www.networkworld.coni  •  3.20.06 


Survey 

continued  from  page  14 

despite  the  widespread  use  of 
preventive  products.  For  exam¬ 
ple,  iSCA  Labs  conducts  an  annu¬ 
al  survey  of  300  companies  and 
government  agencies  to  find  out 
how  much  anti-virus  software 
they  use  on  desktops  and 


servers,  and  how  many  “virus  dis¬ 
asters”  they  experienced  over  the 
course  of  the  year.  Every  year,  as 
in  last  year’s  10th  Annual  Virus 
Prevalence  Survey,  the  costs  of 
cleaning  up  after  a  virus  disaster 
seem  to  rise  —  last  year  showed 
a  23%  increase  over  the  year 
before  to  $130,000  per  disaster  — 
while  companies  keep  buying 


more  anti-virus  software. 

Some  companies  have  gone  to 
extremes  to  show  how  badly 
users  need  their  products.  Last 
October  RSA  Security  sent  a  half- 
dozen  employees  out  to  Central 
Park  in  New  York  wearing  “I  Love 
N.Y’  T-shirts  to  see  if  passersby 
would  fall  for  an  in-person  phish¬ 
ing  scam  to  get  their  personal 


information. 

In  the  guise  of  conducting  a 
tourism  survey  the  RSA  employ¬ 
ees  spent  a  few  days  handing  out 
paper  questionnaires.  More  than 
103  people  filled  out  the  ques¬ 
tionnaires  listing  their  name, 
address, number  of  children,  place 
of  birth,  mother’s  maiden  name, 
date  of  birth  and  other  informa- 


Lire  sciences 


APRIL  3-5,  2006  |  SHERATON  BOSTON  HOTEL  |  BOSTON,  MA 


Massachusetts  Biotechnology  Council  I  BiolT  World 


7  ■CONFERENCES  EXPO 
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Indispensable  Technologies  Driving  Discovery.  Development,  and  Clinical  Trials  ? 


Critical  Technologies 

Impacting 

the  Drug  Discovery 

Pipeline 


Join  us  at  the  fifth  annual  Bio-IT  World  conference  -  the  premier  event 
for  life  science  and  IT  professionals  in  pharmaceutical,  biotech  and  academic 
organizations  -  at  the  Sheraton  Boston  Hotel,  April  3-5,  2006. 


Life  Sciences  Conference  +  Expo  is  produced  by  Bio-IT 

World  and  focuses  on  the  indispensable  technologies 

throughout  the  drug  development  lifecycle. 

This  year  in  Boston,  you'll  discover: 

•  The  latest  technology  developments  and  research 
breakthroughs  on  a  complete  spectrum  of  topics  - 
from  drug  discovery  to  market  delivery 

•  How  pharma  and  biotech  companies  use  and  procure 
technology  to  enhance  target  identification,  improve 
drug  discovery,  expedite  clinical  trials  and  speed  time 
to  market 

•  A  world-class  three-day  conference  program, 
keynotes,  expert  speakers,  award  presentations  and 
educational  workshops 

•  An  expo  floor  with  a  full  array  of  products  and 
services  from  life  science  equipment  to  information 
technologies 


The  2006  Keynote  Addresses: 


Ray  Kuizweil,  Ph.D. 

Legendary  Inventor 
and  Author  of 
The  Singularity  is  Near 


Kari  Stefansson,  M.D. 
FounderfCEO 
DeCODE  Genetics 
Iceland 


Allen  Roses,  M.D. 

Senior  Vice  President 
of  Genetics  Research 
GlaxoSmithKline 


Life  Sciences  Conference  +  Expo  features  four  primary 
conference  trades: 

*  Genomic  Medicine  and  Technology 

The  post-genome  era  is  being  shaped  by  dramatic 
advances  in  new  technology,  particularly  in  the  areas 
of  DNA  sequencing,  protein  analysis  and  microarray 
gene  profiling.E-Clinical  Research  and  Trials 

*  IT/Informatics  Solutions  for  Drug  Discovery 

This  track  will  examine  the  critical  ways  in  which 
organizations  are  deploying  information  technology 
and  informatics  solutions  to  further  drug  discovery. 

•  E-Clinical  Research  and  Trials 

This  track  explores  the  impact  of  technology  on  the 
costly  and  time-consuming  process  of  gathering  and 
analyzing  data  in  (and  after)  clinical  trials. 

•  The  IDG  Venture  Summit 

This  annual  track,  co-organized  by  Ernst  &  Young,  is 
a  compelling  one-day  event  that  unites  the 
biopharma  and  investment  communities.  The  track 
will  provide  expert,  in-depth  analysis  on  the 
investment  landscape  for  both  the  biotech  and 
biopharma  technology  industries. 


Plus: 

•  The  2006  Benjamin  Franklin  Award 
(presented  by  Bioinformatics. Org) 

•  The  Bio-IT  World  Best  of  Show  competition 


Join  us  for  all  this,  along  with  instructional  workshops,  special  awards  ceremonies,  and  much  more! 


Space  is  Limited!  Register  Today  -  use  Priority  Code  BTR248  to  Save. 
Go  to  www.lifesciencesexpo.com  or  Phone  805-677-4295 
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tion,  says  FSSAs  public  relations 
manager.  Matt  Buckley.“We  left  out 
the  Social  Security  number’’ 

The  purpose  of  the  survey  exer¬ 
cise  was  to  show  how  easily  peo¬ 
ple  fall  for  phishing  scams.  “It 
shows  that  even  though  there  are 
a  lot  of  stories  about  phishing,  you 
can’t  rely  on  education. You  need 
a  technology  process,”  as  a  safe¬ 
guard,  Buckley  says. 

Ironically,  cybercriminals  are 
finding  surveys  help  them,  too.  A 
recent  phishing  scam  masquer¬ 
ades  as  a  $20  credit  offer  from 
Chase  Manhattan  Bank  if  the 
recipient  fills  out  an  online  survey 
about  customer  satisfaction,  fol¬ 
lowed  by  requests  for  personal 
information  such  as  Social 
Security  number  and  mother’s 
maiden  name.B 
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BAGKSPIN 


Mark  Gibbs 


‘American  IT  Idol’ 


Host  Welcome  back  to 
the  show.  My  name  is 
Mark  Gibbs,  and 
you've  tuned  in  to  “Ameri¬ 
can  IT  Idol.”  Its  been  an 
exciting  few  decades,  and  we’ve  narrowed  down  the  con¬ 
test  to  a  handful  of  really  strong  competitors.This  week, 
we  have  three  of  the  leading  popular  contestants. 

First  up  tonight  is  that  perennial  favorite,  Microsoft. 
Randy,  what  do  you  think  of  its  performance? 

Randy:  Dog,  I  gotta  say  it  was  a  strong  performance  but 
there’s  something  missing,  know  what  1  mean?  Very  pitchy 
in  the  advertising,  and  while  Windows  Vista  sounds  good, 
there’s  no  there  there,  dog!  Nothing  to  own  the  stage  of 
the  future  other  than  a  gazillion  products  that  have  got 
corporate  America  trussed  up  like  a  chicken,  and  a  raft  of 
FUD  that  could  float  a  battleship,  know  what  I  mean? 
Vista’s  like  watching  Marcel  Marceau  with  the  lights  out, 
know  what  I  mean?  Paula? 

Paula:  Oh  Microsoft  is  wonderful,  fabulous.  Microsoft 
is  so  real!  It  just  keeps  getting  stronger  and  stronger! 
Love  it!  Simon? 

Simon:  What  can  I  say?  Great  performer,  but  no  heart.  I 
agree  with  Paula  and  Randy,  even  though  they  have  no 
idea  what  they’re  talking  about. Yes,  Microsoft  is  very 
pitchy  and  lacking  in  deliverables,  but  it’s  guaranteed  to 


go  on  to  the  next  round.  Of  course,  I’m  British  and  I  know 
better  than  everyone  else. 

Host:  All  right,  next  is  Apple,  which  has  recently  changed 
its  tune  but  not  its  iTunes.Your  thoughts,  Randy? 

Randy:  Dog!  You  know  it’s  da  bomb!  MacTel  is  a  great 
number  —  lotsa  glitz,  lotsa  hype  and  good  performance 
to  back  it  up.  But  we  want  more,  dog,  more!  Oh  yeah,  if 
Apple  really  wants  to  succeed  it’s  gotta  get  out  more  — 
get  more  in  the  corporate  eye  and  be  seen,  dog.  New 
dance  moves  aren’t  enough  —  you  gotta  wow  them! 

Right,  dog  pound?  (Sound  effect:  barking) 

Paula:  Oh,  Apple  is  wonderful,  fabulous.  Apple  is  so  real! 
It  just  keeps  getting  stronger  and  stronger!  Love  it!  Simon? 

Simon:  I’m  not  as  sure  as  Randy  on  this  one.  Apple’s  act 
is  looking  stronger,  but  its  business  is  far  more  consumer- 
focused,  and  expanding  its  corporate  presence  outside  of 
its  traditional  audience  of  multimedia  and  other  touchy- 
feely  groups  is  going  to  be  a  stretch. 

Host:  OK,  let’s  move  on  to  our  next  performer,  Google.  As 
you  all  know,  Google  is  a  relative  newcomer  compared 
with  our  other  contestants,  but  what  it  lacks  in  age  it  more 
than  makes  up  for  in  financial  muscle.  Randy? 

Randy:  Dog,  like  wow!  Outta  nowhere  with  a  bullet,  man! 
Free  this,  free  that,  APIs  here,  mashups  there.  Dog!  I  mean, 


it’s  got  that  wow  factor!  That  said,  there’s  a  little  pitchiness, 
a  little  evil  in  the  mix,  know  what  I  mean,  dog?  It  rolled 
over  on  that  China  thing  and  then  made  a  big  thing  out  of 
refusing  the  U.S.  government, so  what’s  up  with  that,  dog? 
Even  so,  I  can  see  it  sticking  it  with  the  competition.  Right, 
dog  pound?  (Sound  effect:  barking) 

Paula:  Oh,  Google  is  wonderful,  fabulous.  Google  is  so 
real!  It  just  keeps  getting  stronger  and  stronger!  Love  it! 
Simon? 

Simon:  Paula  and  Randy  are  wrong,  completely  wrong. 
Out  to  lunch.  My  problem  with  Google’s  performance  is 
that  its  share  price  has  dropped  faster  than  a  subpoena 
into  its  mailbox,  which  shows  that  for  all  the  flash  and 
showmanship  the  market  is  finding  it  hard  to  believe  in 
Google’s  long-term  financial  viability  I  could  be  wrong  — 
but  I  doubt  it,  as  I’m  British. 

Host:  Well,  that’s  all  we’ve  got  time  for  this  week  on 
“American  IT  Idol."  So  now  American  IT  industry  it’s  your 
turn  to  vote.  Will  it  be  Microsoft  with  Windows  Vista?  Will  it 
be  Apple  with  its  catchy  consumer  products  and  bid  for 
the  corporate  stage?  Will  it  be  Google  and  its  number, “We 
Want  to  Own  the  World”? 

You  decide.  Send  your  vote  to  backspin@gibbs.com  and 
check  us  out  on  Gibbsblog.  See  you  next  week. 
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Your  company  logo  on  a  postage  stamp? 


Paul  McNamara 


There  are  two  significant  numbers  to  report  relative  to 
Stamps.com,  the  online  postage  company  we’ve  written 
about  a  few  times  over  the  years. 

The  first  is  10.5  billion:That’s  the  total  number  of  business-to-consumer  advertising 
pieces  mailed  in  the  United  States  every  year  —  any  one  of  which  could  soon  carry 
Stamps.com  postage  now  that  a  prohibitive  law  dating  to  the  1800s  (banning  commer¬ 
cial  messages  on  “currency”)  has  been  swept  away  by  Congress. 

The  second  number  is  zero:That’s  the  number  of  repeat  pratfalls  the  company  has 
suffered  since  those  online  pranksters  atThe  Smoking  Gun  nearly  stuck  Stamps.com’s 
promising  PhotoStamps  program  in  the  dead-letter  file  in  the  fall  of  2004.  As  you  may 
recall,  Smoking  Gun  editors  ordered  and  received  nine  sheets  of  PhotoStamps  that 
depicted  the  likes  of  UnabomberTed  Kaczynski,  recently  deceased  Yugoslavian  war 
criminal  Slobodan  Milosevic,  and  long-ago  executed  spies  Julius  and  Ethel  Rosenberg. 
Stamps.com  has  gone  to  great  lengths  since  then  to  avoid  a  repeat  of  that  embarrass¬ 
ing  episode  and  just  completed  a  second  market  trial  of  seven  months  with  nary  a  killer 
or  spy  making  it  onto  a  stamp,  says  CEO  Ken  McBride. 

“Yes,  they  still  try _ Lots  of  people  try,  but  we’re  able  to  catch  all  that,”  he  says. 

It’s  the  first  figure  —  those  10.5  billion  stampable  pieces  of  commer¬ 
cial  snail  mail  —  that  has  McBride  salivating.  Back  in  the  ’04  test  run,  ^ — 

almost  one-third  of  the  3  million  PhotoStamps  sold  over  a  mere  seven 
and  a  half  weeks  (beforeThe  Gun  went  off)  were  of  the  commercial 
variety.  It  was  only  after  that  trial  ended  that  the  U.S.  Postal  Service 
decided  the  19th  century  statute  stood  in  the  way  of  plastering  corpo¬ 
rate  logos  on  postage  sold  over  the  Internet. 

“We’ve  had  a  lot  of  inquiries  throughout  the  second  market  test, 
and  we’ve  rejected  a  lot  of  images  that  we  wished  we  could  have 
accepted,"  McBride  says.  “We’ll  certainly  be  going  back  to  those 
folks  and  telling  them  that  we  can  now  accept  the  orders  once  we’re 
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able  to  do  so.” The  postal  service  is  expected  to  give  its  official  approval  soon. 

Then  all  McBride  will  have  to  worry  about  is  those  old  Milosevic  stamps  showing 
up  on  eBay. 

A  testament  to  the  power  of  cheap 

What  sells?  ...  Why,  sex,  of  course  —  sex  sells.  And  free:  Free  sells  big-time.  But  if 
you  aren’t  selling  sex  or  free,  what  can  you  sell  instead?  Cheap _ .Cheap  sells. 

That  lesson  is  being  driven  home  yet  again  by  a  Phoenix  Web  hosting  company  called 
iPowerWeb,  according  to  Ipwalk,  an  outfit  that  pumps  out  statistics  about  the  Internet. 
In  November  iPowerWeb  reduced  its  fee  for  a  domain  name  registration  from  $8.25  to 
$2.95,  which  Ipwalk  says  is  the  cheapest  on  this  planet. 

However,  $2.95  is  so  inexpensive  it’s  only  about  half  of  what  it  costs  iPowerWeb  to 
register  a  name  for  a  customer,  meaning  the  rock-bottom  deal  isn’t  necessarily 
doing  a  lot  for  the  company's  bottom  line. 

Or  is  it?  A  Web  hosterthat  had  been  registering  fewer  than  2,000  names  a  month  is 
now  doing  more  than  20,000  in  a  market  that  is  only  getting  hotter,  Ipwalk  says:  “At 
their  current  growth  rate,  iPowerWeb  would  need  to  upsell  roughly  4.5%  of  their  new 
domain  names  to  one-year  hosting  packages  to  balance  their  costs. 
IPowerWeb  will  also  earn  back  money  when  customers  renew  domain 
names  after  one  year,  since  the  low  price  is  only  valid  for  the  first  year. 
Many  customers  may  not  be  aware  that  the  renewal  price  is  $8.25.” 

That  catch  is  in  the  fine  print,  which  isn't  all  that  hard  to  read,  consid¬ 
ering  the  temptation  to  bury  such  a  caveat  six  pages  deep.That  iPower¬ 
Web  didn't  do  so  might  indicate  an  interest  in  maintaining  long-term 
customer  relationships.  Cheap  can  grow  old  awfully  fast  (as  can  free). 


Letting  me  know  what  you  think  won 't  cost  you  a  nickel.  The  address  is 
buzz@nww.com. 


•  NEW!  Core  enhancements  provide  faster,  more  thorough 
defragmentation 

•  NEW!  Enhanced  I/O  Smart™  intelligently  provides  transparent 

defragmentation  ensuring  uninterrupted  system  operation. 

•  EXCLUSIVE!  “Set  It  and  Forget  It”  scheduling  includes 
SmartScheduling™  for  fully  customized  and  automatic 

defragmentation  based  on  individual  usage  patterns. 

•  NEW!  Enhanced  user  interface  provides  easy  configuration  and 
scheduling  as  well  as  reports  on  disk  health,  real  time  performance 
and  fragmentation  statistics. 

•  NEW!  Native  64  bit  operating  systems  support. 

Every  system  on  your  network  needs  Diskeeper,  The  Number  One 

Automatic  Defragmenter  with  over  17  million  licenses  sold! 

Volume  licensing  and  Government  /  Education  discounts  are  available 
from  your  favorite  reseller  or  call  800-829-6468  code  4342 

_ _ _ 


SPECIAL  OFFER 

TRY  NEW  DISKEEPER  FREE  FOR  45  DAYS! 
Download:  www.diskeeper.com/nw10 

(Note:  Special  45  day  trial  only  available  at  above  Hhk) 


‘Windows®  IT  Pro,  The  Impact  of  Disk  Fragmentation  white  paper 


Breakthrough  Technology: 

Maximum  System  Performance  -Automatically 


INTRODUCING  NEW 


The  Number  One  Automatic  Defragmenter™ 


It’s  a  known  fact  fragmentation  cuts  directly  across  the  integrity  of  your 
systems  causing  crashes,  slowdowns,  freeze-ups  and  even  total 
system  failures. 


NEW  Diskeeper  10  provides  new  adaptive  technology  designed  to  wring 
every  last  drop  of  performance  out  of  every  computer  on  your  network. 


No  more  complaints  from  users  waiting  50  seconds  opening  a  Word 
document,  45  seconds  saving  a  file  or  70  seconds  searching  for  one.* 
With  Diskeeper’s  advanced  automatic  “Set  It  and  Forget  It”®  technology, 
peak  performance  is  maintained  -  automatically! 


Diskeeper  10  “Set  It  and  Forget  It”  Features 


•  NEW!  I-FAAST™  (Intelligent  File  Access  Acceleration  Sequencing 
Technology),  breakthrough  disk  performance  calibration  technology 
that  boosts  access  speeds  for  the  most  commonly  accessed  files. 


•  NEW!  Terabyte  Volume  Engine™  defrags  large  volumes,  SANs, 
RAIDs  and  NAS,  quickly  and  thoroughly. 
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©2005  Diskeeper  Corporation.  All  Rights  Reserved.  Diskeeper,  The  Number  One  Automatic  Defragmenter,  l-FAAST,  I/O  Smart,  SmartScheduling,  Terabte  Volume  Engine,  "Set  It  and  Forget  It",  and 
the  Diskeeper  Corporation  logo  are  registered  trademarks  or  trademarks  owned  by  Diskeeper  Corporation  in  the  United  States  and/or  other  countries.  Windows  is  a  registered  trademark  or 
trademark  owned  by  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  Diskeeper  Corporation  •  7590  N.  Glenoaks  Blvd.  Burbank.  CA  91504  •  800-829-6468  •  www.diskeep8r.com 


Simplify  your  I.T.  and  your  business.  IBM  servers  and  storage  are  designed  to 
help  you  do  just  that.  Take  the  IBM  Total  Storage®  DS4300  Express  with 
DACstore.  It  is  designed  to  allow  you  to  reconfigure  or  add  capacity  while 
staying  up  and  running.  No  need  to  stop  to  reset  drives. 

Because  with  IBM  Express,  innovation  comes  standard.  That’s  true  for  servers, 
storage  and  printers.  What’s  more,  you  can  keep  your  technologies  current 
while  helping  to  reduce  costs  -  through  IBM  Global  Financing. 

All  things  considered,  an  I.T  hero  deserves  nothing  less. 


MEET  3  HEROES  IN  THE  BATTLE  AGAINST  I.T.  COMPLEXITY. 
YOU’RE  THE  4TH. 


IBMTotalStorage  DS4300  Express 

4.2TB  with  1  controller;  16.8TB  with  2' 

Support  for  RAID  0/1/3/5/10 
2.512MB  cache 

Scales  to  33.6TB  of  Fibre  Channel  Disk1 
Limited  warranty:  3  years  on-site2 

From  $7,790  *3 

IBM  Financing  Advantage 

Only  $218/month4 
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IBM  eServer  xSeries  366  Express 

Up  to  four  64-bit  Intel*  Xeorf  Processors 
MP  3.66GHz  (single  core)/3GHz  (dual  core) 

2GB  memory,  expandable  to  64GB 
DDR  II  ECC  memory 

Six  64-bit  Active  PCI-X  2.0 

IBM  Director  to  help  monitor  performance 

Limited  warranty;  3  years  on-site2 
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IBM  TotalStorage  3580  Express 

Helps  protect  LTO™  investment 

Built  on  Ultrium™  3  technology 

Read/write  compatible  with  Ultrium  2  drives 
-  read  compatible  with  Ultrium  1  drives 

Up  to  800GB  cartridge  capacity 
with  2:1  compression1 

Limited  warranty:  3  years  on-site2 


From  $6,399* 

IBM  Financing  Advantage 

Only  $227/month4 


From  $5,999* 

IBM  Financing  Advantage 

Only  $168/month4 


Complimentary  IBM 
Systems  Advisor  Tool. 

Tell  the  IBM  Systems  Advisor 
what  your  IT.  needs  are.  And 
it  will  automatically  customize 
a  server/storage  system  that’s 
I  right  for  you. 


ibm.com/ 

systems/innovate21 


1  866-872-3902 

mention  104CE13A 


"AH  pnr.es  stated  are  IBM's  estimated  retail  selling  prices  as  o!  January  24, 2006.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to  availability.  This 
document  was  developed  for  offerings  in  the  United  States.  IBM  rnay  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  Prices  are  subject  to  change  without  notice.  Starting  price  may  not  include  a 
ham  drive,  operating  system  or  other  features.  1.  Denotes  raw  storage  capacity.  Usable  capacity  may  be  less.  2.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor  IBM  will  attempt  to  diagnose  and  resolve  the  problem 
rer:  o:-  y  peine  sending  a  technician  On-site  warranty  is  available  only  tor  selected  components.  3.  Starting  price  does  not  include  hard  drives,  which  are  required  tor  operation  of  the  machine.  4.  IBM  Global  financing  offerings  are  provided 
through  IBM  Credit  I.LC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  qovernment  customers.  Monthly  payments  provided  are  for  planning  purposes  only  and  may  vary  based  on  your 
credi!  and  other  (actors  Lease  offer  provided  is  based  on  a  FMV  lease  of  36  monthly  payments  Other  restrictions  may  apply  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice  IBM.  the  IBM  logo,  eServer. 
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